BY DAVID RUBINSTEIN

In the wake of preliminary second-quarter earnings that Borland Software officials called extremely disappointing, Dale L. Fuller has stepped down as president and CEO after six years at the helm of the venerable software tools maker.

Former executive vice president and COO Scott Arnold, who becomes acting CEO, thanked Fuller for his service and for "laying the foundation for future growth in the ALM market" during a conference call for investors last month.

In the company's preliminary results for the second quarter ended June 30, Borland expected to miss its targeted revenues of US$70 million to $73 million by a substantial margin. Preliminary financial results released last month esti-
► continued on page 23

Dale Fuller stepped down after six years at the helm of the company.



With Atlas, Microsoft Puts AJAX World On Shoulders

BY DAVID RUBINSTEIN

Creating a richer user experience with Web applications has required a lot of hand-scripting to manipulate objects on the screen, and even more coding to optimize the experience on different browsers. Asynchronous JavaScript and XML (AJAX) and even more proprietary approaches have not made the task much easier.

This, according to Microsoft Platform Strategy Group manager Tim O'Brien, "is a platform problem if there ever was one."

So Microsoft in September is expected to deliver early bits of its AJAX-based Atlas platform for ASP.NET at its Professional Developers Conference in Los Angeles. The technical preview will be downloadable on top of ASP 2.0.

"We're at the point where the core feature set for AJAX is now ubiquitous enough," said Scott Guthrie, product manager of Microsoft's Web and Tools Group. "Although the core building blocks [XML, DHTML] are there, they are pretty low-level blocks. We're trying to provide higher-level developer abstraction" with a library to abstract out the differences between existing AJAX implementations and browsers.

Meanwhile, two other companies are taking their tools and placing the AJAX sticker on them. MB Technologies has released to beta a new version of its Bindows (browser-based Windows) software with a new emphasis on business reporting, and Dart Communications is offering what it describes as the first commercial set of AJAX controls for ASP.NET applications.

Atlas, O'Brien said, was driven by the need for a better customer experience. "You need better richness, more
► continued on page 22



Are Your Web Services Vulnerable?

BY JENNIFER DEJONG

SQL injections. Buffer overflows. Cross-site scripting attacks. The top Web application vulnerabilities are well known.

But some experts say that XML injections, a class of threats specific to Web services, are lurking on the application security horizon. "The same attributes that make Web services attractive — ease of use, platform independence, use of HTTP — also make them great targets for attack," said Alex Stamos, a founding partner at consulting firm Information Security Partners (iSEC).

iSEC was set to demonstrate at the Black Hat 2005 conference in Las Vegas, July 26-28, early versions of three open-source tools aimed at detecting vulnerabilities in Web services.

And professional services firm Foundstone readied its own offering last month. WS Digger is a free tool that can be used to determine whether a Web service is vulnerable to an XPath injection. An XPath injection is similar to a SQL injection, where a hacker accesses data intended to be off-limits by "injecting" a SQL call into a Web form.

"Now we are seeing the same attack scenario with Web services," said Foundstone consulting director Mark Curphey. WS Digger includes an example
► continued on page 24

ATTACKS ON XML

Some of the more common attacks on Web services are:

XPath Injection: An XML-specific attack, similar to a SQL injection. The attacker injects strings of tainted data into an XPath query in order to get at unauthorized data.

XML Bomb: An XML bomb calls on itself and continues to expand until it overflows the memory and returns an error message. Because the error message provides new information about the application, the attacker can "improve" the next attack.

XML Denial of Service: The attacker creates an XML file large enough to shut down an application. The time it takes the XML parser to parse the file consumes an excessive amount of CPU resources.
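Each attack in the sidebar above has a matching intake check on the service side. The following is an added example, not code from the article, WS Digger or the iSEC tools; the size and depth limits, the sample `users` documents and every function name are assumptions chosen for illustration.

```python
"""Intake checks for untrusted XML (added example; names and limits are assumptions)."""
import xml.etree.ElementTree as ET
from xml.parsers import expat

MAX_XML_BYTES = 64 * 1024   # assumed cap; size it to the largest legitimate request
MAX_DEPTH = 32              # assumed cap on element nesting

# Constructed sample documents, for demonstration only.
SAMPLE_OK = b"<users><user name='alice' role='user'/><user name='bob' role='admin'/></users>"
SAMPLE_DTD = b'<!DOCTYPE users [<!ENTITY a "aaaa">]><users><user name="&a;" role="user"/></users>'


class RejectedXML(ValueError):
    """Raised with a generic message so parser detail is not echoed to the caller."""


def check_untrusted_xml(data: bytes) -> None:
    """Reject oversized, DTD-bearing, over-nested or malformed documents."""
    # XML denial of service: refuse large bodies before any parsing work is done.
    if len(data) > MAX_XML_BYTES:
        raise RejectedXML("document exceeds size limit")

    depth = 0

    def on_start(_name, _attrs):
        nonlocal depth
        depth += 1
        if depth > MAX_DEPTH:
            raise RejectedXML("elements nested too deeply")

    def on_end(_name):
        nonlocal depth
        depth -= 1

    def on_dtd(*_args):
        # XML bomb: self-expanding entities are declared in a DTD, so a service
        # that has no use for DTDs refuses the document at the DOCTYPE.
        raise RejectedXML("DTD and entity declarations are not accepted")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_dtd
    parser.EntityDeclHandler = on_dtd
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise RejectedXML("document is not well-formed") from exc


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Build a tree only after the document has passed every intake check."""
    check_untrusted_xml(data)
    return ET.fromstring(data)


def accepts(data: bytes) -> bool:
    """True when the document passes the intake checks."""
    try:
        check_untrusted_xml(data)
    except RejectedXML:
        return False
    return True


def find_user(root: ET.Element, name: str):
    """XPath injection: the path is a constant and the caller's value is
    compared as data, so it never becomes part of the query text."""
    for user in root.iterfind(".//user"):
        if user.get("name") == name:
            return user
    return None


def xpath_literal(value: str) -> str:
    """Quote a value as an XPath 1.0 string literal, for engines that offer no
    variable binding. XPath literals have no escape character, so a value that
    holds both quote kinds is assembled with concat()."""
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    pieces = ["'" + part + "'" for part in value.split("'")]
    return "concat(" + ", \"'\", ".join(pieces) + ")"


if __name__ == "__main__":
    root = parse_untrusted_xml(SAMPLE_OK)
    print(find_user(root, "alice").attrib)
    print(accepts(SAMPLE_DTD))
    print(xpath_literal('o\'brien "admin"'))
```
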



IBM, SUN: WARMING TREND?

BY JENNIFER DEJONG

IBM has defended its decision not to participate in the Java Business Integration 1.0 specification but said it expects to remain active in the Java Community Process, after it reupped its Java license for the next 10 years at Sun Microsystems' JavaOne conference in late June.

JBI, ratified in June by the JCP, defines a Web services-based service-oriented architecture, enabling applications to collaborate.

Asked why the company did not back the specification also known as JSR 208, IBM declined a request for an interview. However, a
► continued on page 19
Making the Right Choices for Healthy Software

QSM offers metrics for development shops to estimate projects, see how they're doing

BY DAVID RUBINSTEIN

The best software projects are completed nearly 3 1/2 times faster and 7 1/2 times cheaper than the worst ones, according to new data from Quantitative Software Management.

The best projects take 7 1/2 months to complete, while the worst take more than two years. Further, the best require 19 person-months of effort compared with 141 person-months exhausted on the worst projects, according to the findings. A person-month is defined as one person working for one month.

"This is the state of our industry," said Michael Mah, managing partner at QSM's affiliate consulting arm, QSM Associates. "Software is the capital asset of the information age. When people build software, they want to know how their projects compare."

The information was gleaned from an examination of 563 business IT projects from more than 140 different development groups in more than 31 countries, Mah said, where the average project required 30,000 new or modified lines of code, or 600 new or modified function points.

How They Measure Up

The best projects handle requirements changes more easily and show better scores in other categories, according to QSM's research.

QSM's metrics look at speed, cost and quality in developing software, and its data is used by organizations looking to estimate how many resources — manpower, time and dollars — need to be dedicated to a project, Mah added. The company offers consulting and training services as well as SLIM, a suite of tools for project management, cost estimation and metrics analysis across the application development life cycle.

"Project managers are under the gun," he said. "Many now use a finger-in-the-wind, non-scientific method of estimating" what's needed to complete a project in a timely, cost-effective manner. "If eight of 10 environmental factors are working against you, don't promise the top 20 percent of schedule performance, and don't underfund the project."

Mah said that as companies move to adopt new technologies and techniques, yet cut the funds they spend on developer training, the knowledge gap can widen. "Knowing the capability of your staff helps in the fight against unrealistic deadlines," he added.

QSM found that the most important factor separating the best projects from the worst is the ability to control changing requirements. "That issue just floats to the top," Mah said. "The best in class dealt with it in an effective manner, while in shops where they don't handle it well, the project whipsawed and jerked around all over the place."

Interestingly, the data discovered that tools are not as big a driver on best projects as skilled people with domain knowledge and dealing with changing requirements. "Even with good tools, not having skilled staff or a handle on requirements didn't save it," he said.

Estimating software projects goes beyond the numbers, though, Mah pointed out. "There are the numbers, like good cholesterol and bad cholesterol. Then, there are environmental factors — do you eat well, do you exercise? The numbers are used to encourage you to make good lifestyle choices." Good development, he concluded, is a lifestyle thing.



Coming From IBM Researchers, a Reason to SMILE

Project aims to make messaging middleware smarter; new tools ready on alphaWorks

BY JENNIFER DEJONG

SMILE. Tomorrow's messaging middleware will be smarter than today's. That's the message a team of IBM researchers wants to send developers about the Smart Middleware Light Ends (SMILE) project it is working on.

Today's messaging middleware operates on a message-by-message basis, said Chitra Dorai, manager of distributed messaging at IBM's Thomas J. Watson Research Center, in Hawthorne, N.Y. "You can say: 'Send me messages about IBM, only when the stock price exceeds X,'" Dorai said. But SMILE takes that to the next level, allowing developers to easily compose messages that correlate data from multiple streams.

A developer can create, for example, a financial query for computing the total volume of stock quotes, grouped by company, over a period of 10 minutes, explained Rob Strom, IBM's project lead for SMILE. The process is essentially like running a SQL query (or one based on XQuery) across multiple streams of data that keep changing over time, he said.

Developers could, of course, write Java code to accomplish the same result. But because that process is code-intensive, as well as conceptually complex, they typically don't. "You would have to write code that handles each message separately," said Strom. "That's just one level of complexity." On top of that, developers would have to deal with requests from hundreds of business users, each with different queries. And they have to determine what those queries have in common, and figure out how to organize them to avoid redundant computations, he said.

When will SMILE move out of the laboratory and into IBM development tools? "We are working closely with the IBM Software Group, and over the next several years, you will see SMILE's capabilities emerge," said Strom, but he did not provide further details. When SMILE finally makes its way into IBM's development platform, he envisions a scenario where business users will ask developers to compose "messages" that answer complex business questions, much the same way they request customized reports from database administrators today. Because it adds intelligence to messaging middleware, SMILE will make it easy to do that, said Dorai. "In the SMILE-less world, the app developer simply receives raw messages," she added.

IBM's project SMILE lets developers compose messages that correlate data from multiple streams. (Source: IBM)

NEW ON ALPHAWORKS

In other research news, IBM at the end of June unveiled on alphaWorks, its Web site for emerging technologies, two tools aimed at development teams.

The Availability Monitoring Toolkit (www.alphaworks.ibm.com/tech/availabilitymonitor/download) is an Eclipse plug-in that lets developers check the status of all dependent systems before they attempt to test or run the application they are working on, said Amit Patel, an emerging technology strategist at IBM. "It offers an alternative to manually pinging each system."

Also new is Security Lifecycle Management Tools for IBM Tivoli Access Manager (www.alphaworks.ibm.com/tech/amslm/download), a set of Eclipse tools that help developers integrate IBM's authorization and single sign-on software with the company's software development platform. It provides code samples that save developers from having to write to the Access Manager APIs, Patel said.

Approximately 40 percent of the technologies offered through alphaWorks graduate into the market, said Kathy Mandelstein, director of worldwide developer marketing for IBM.
Market Fuels Java RAD Product Growth

Competition from .NET, LAMP stack forces easier tools

BY YVONNE L. LEE AND ALAN ZEICHICK

Tools to make programming in Java easier are springing up everywhere, from enhancements to existing products such as Borland's JBuilder or Oracle's JDeveloper, to new tools such as Sun's Java Studio Creator, to tools from smaller companies including Exadel, JetBrains and TenFold.

Analysts say market conditions, rather than any technological breakthrough, such as the advent of JavaServer Faces (JSF), account for the explosion in Java RAD tools.

In fact, other than automatic code generation, the tools bear little in common. Sun Microsystems and Oracle executives pointed to JSF as an impetus because it provided a framework for user interface components. However, TenFold's software, Enterprise TenFold, and JetBrains' forthcoming Fabrique do not use JSF at all.

"From my point of view, there was a big upsurge in the early to mid-1990s of RAD tools in general," said Wayne Kernochan, president of Infostructure Associates. "What happened in the late 1990s is that Sun convinced folks that Java is the wave of the future."

Although the tools Sun offered for developing in Java were not easy to use, they were sufficient for early adopters who were interested in delving into the details of the Java architecture, he said. Kernochan said that although the harder-to-use tools were bad for programmer productivity, during the recession many organizations weren't spending money on new tools, so there was no impetus for vendors to make them. "I think the proliferation of Java RAD tools is an indication that people are realizing that competitive advantage matters, [that] programmer productivity matters, and that [earlier] Java tools [delivered] far less competitive advantage," he said.

During Java's infancy, Java programmers tended to be specialists in the language, but now Java is being used by a new set of developers who have worked with fourth-generation languages or with older languages such as RPG and COBOL.

"The people who are coming in the Java space now do not have J2EE skills, and the learning curve is really steep," he said.

"These bigger J2EE vendors that started coming out with tools were thinking like J2EE purists. Their tools didn't make it easier for people coming in from COBOL," said Steve Benfield, vice president of strategy and technology evangelism at ClearNova, which makes the ThinkCap development tool.

Java's difficulty resulted in programmers' moving to other platforms, which provided further impetus for providing better tools, said Bill Whyman, president of the analysis firm Precursor.

"People are going to both Linux [and the LAMP stack] and .NET," he said. That led Sun to lead JSR 127, the specification for JavaServer Faces 1.0.

With JSF, developers can build Web applications by assembling reusable user interface components, connecting these components to an application data source, and wiring client-generated events to server-side event handlers. The latest version of JSF, version 2.1, will be part of J2EE 5.

JetBrains' upcoming Fabrique has both an interface designer and application flow creator.

TECHNOLOGICAL ROUTE

Technologically, Struts, an open-source framework, and JavaServer Faces, which is a JavaServer Pages tag library for user interface elements, helped vendors create the easier-to-use tools.

Some tool makers say this is a natural progression that occurs with any technology.

"There's a maturity curve around application development technologies," said Rob Cheng, director of product marketing at Borland Software. "What's happening is, as these technologies become mature, tooling inevitably follows."

"Prior to JavaServer Faces, you had a lot of companies trying to come up with proprietary frameworks," said Dennis MacNeil, director of product marketing at Oracle. Those proprietary frameworks led to lock-in, he said. MacNeil, formerly of Sun Microsystems, led the effort to create JSF.

Organizations needed more flexibility than these tools provided, said Cheng. "If you had multiple application servers that you're deploying to, you want to use tools that aren't tightly associated with a platform. You often have these periods after an acquisition
► continued on page 13



BEA Dusts Off Its Tuxedo

Updated transaction middleware focuses on SOAs, integration

BY ALAN ZEICHICK

BEA Systems last month announced version 9.0 of Tuxedo, its transaction middleware system for COBOL and C/C++ applications. The new release, shipping immediately for AIX, HP-UX, Solaris and 32-bit Windows, brings the software into the SOA era, and tightens its integration with BEA's application server stack.

Tuxedo is BEA's oldest product, acquired from Novell in 1996. The software was originally developed by AT&T's Unix System Laboratories as a reliable messaging infrastructure for transaction-oriented applications, such as automated teller machines and financial trading systems. According to George Gould, director of business development for the product line, "Tuxedo has always been service-oriented," but not in the current meaning of the phrase, in regard to XML, SOAP and Web services.

While Tuxedo version 8.0 added support for CORBA-based messaging, the big improvement with the new 9.0 release is increased extensibility to support modern enterprise SOAs, said Gould.

"Tuxedo now has a framework for native Web services," explained Lorenzo Cremona, director of product marketing. "We have some customers who look to integration with WebLogic to extend Tuxedo into composite applications, but other customers say, 'We're Tuxedo shops,'" and wanted to have native Web services functionality, he said.



Also new with version 9.0 is tighter integration between Tuxedo and the rest of the WebLogic stack. In particular, there is a new connector to link Tuxedo 9.0 and both WebLogic and BEA's newly announced AquaLogic SOA management system. "The technology was built into AquaLogic," Cremona said, but required a Tuxedo upgrade in order to enable that integration. The integration allows AquaLogic to use Tuxedo to communicate with non-Java applications as they participate in a service-oriented environment.

Another new feature within Tuxedo 9.0 is native support for a number of security protocols, including PKI, digital signatures and Kerberos. Those features were provided by third-party plug-ins to previous Tuxedo versions, Cremona explained, but now Tuxedo uses a set of BEA-developed security components that are common across the company's product line.

Finally, Gould said the new version of the middleware runs about 20 percent faster, thanks to a rewritten processing stack for Domain Protocol, the data format used for communication in a Tuxedo system, and also between Tuxedo and the WebLogic app server. The new stack also improves reliability by detecting malformed data packets that might disrupt the system, he said.

A second set of Tuxedo 9.0 releases, scheduled for later this quarter, will support 32-bit Linux; the company also will release versions for 64-bit Linux and 64-bit Windows by the end of the year, said Gould.
COMPANIES

Trifork has donated a Java-based CORBA implementation to the Apache Geronimo open-source application server project. The company has said that the next version of its J2EE application server, Trifork 5.0, will be based on the Geronimo project but will incorporate its own EJB and Web containers.



NEW PRODUCTS

IBM has released a preliminary version of ConTest, a tool that tests for concurrent defects, on www.alphaworks.ibm.com/tech/contest. The tool helps expose concurrency-related problems in parallel and distributed Java programs by scheduling thread execution to use scenarios that are likely to contain race conditions, deadlocks and other intermittent synchronization bugs . . . Recursion Software has released Extended Tag Library Toolkit, an extension to the C++ Standard Template Library. The ETL Toolkit adds sorted vector classes for use in large arrays; dynamic array classes; hash tables with built-in iterator; abstract dynamic heaps with templated priorities; and a circular list implementation . . . ITTIA has released an ODBC Driver that can work with the db.* and Birdstep embedded databases, as well as the related Raima Database Manager, DBM, Volicis, db.Vista and RDM Embedded databases . . . Oracle has released Application Server Standard Edition One, a new app server designed for small and midsized companies. The software allows Web pages to be built using PHP, Perl and JavaServer Pages, and includes a built-in portal engine. It also supports Java servlets and EJBs. The software is priced at US$4,995 per processor for a single server with up to two processors.



UPGRADES

Elementool has added a Web services interface for Bug Tracking, its project management software. The Web service, available as a free upgrade, will let external applications submit and retrieve information to Bug Tracking in an XML-based format . . . ObjectFX has upgraded SpatialFX, its Java platform for building spatial applications. Version 4.1 enhances the software's rule and event processing capabilities, and adds new 3D visualization options . . . 4D Inc. has enhanced 4th Dimension, its database for Mac OS X. The 2004.2 release adds support for Mac OS X 10.4, and also includes more than 300 fixes, according to the company . . . Version 5.1 of JRules, a business rule management system from ILOG, now supports both Java and .NET using native rules engines for both platforms. It also unifies its J2EE and J2SE APIs, and adds support for IBM's WebSphere 6.0 application server . . . MKS is offering a process framework for the Information Technology Infrastructure Library delivered via Integrity Suite 2005. ITIL is a best practices framework for managing IT services developed by the United Kingdom's Office of Government Commerce. Integrity Suite implements all four processes in ITIL, including change management, configuration management, problem management and incident management. The company also has updated MKS Toolkit, which provides Linux/Unix utilities for Windows. Version 9.0 adds support for 64-bit Windows, and also integrates the Unix vi editor into Visual Studio. It also provides for secure visual file manipulation, supports multibyte character sets, and lets standard scripts or programs run as a Windows service. The software costs US$359 per seat . . . Iona Technologies has released a number of updates for its CORBA-based middleware: A service pack for the Orbix 6 object request broker allows services to be addressed via URL, and also improves load balancing and adds support for Red Hat Linux AS 3.0, Solaris 10 and SUSE Enterprise Linux 9. A new service pack for the older Orbix 3 also supports Red Hat Linux AS 3.0. Finally, version 4.3 of Orbacus adds support for the CORBA Asynchronous Method Invocation specification . . . Version 4.6 of Code Co-op, a peer-to-peer version-control system from Reliable Software, adds a new type of project, called a distribution project, which automates the deployment of source-code changes to customers. The distribution project is designed for companies that need to distribute source-code changes as part of service agreements. Code Co-op runs on Windows; regular licenses cost US$159 per seat, and distribution
► continued on page 14



Two BPM Players Bolster Tools For Modeling, Integration

HandySoft, Savvion introduce new capabilities

BY JENNIFER DEJONG

Business process management software makers have shown no signs of slowing down for summer.

Vienna, Va.-based HandySoft Global last month expanded the integration capabilities of its BPM platform. Savvion, in Santa Clara, added to its lineup in late June a model repository and also updated its offering for modeling and simulating business processes before they are deployed.

Savvion Process Asset Manager (PAM) is a repository designed to store models created in Process Modeler, the company's modeling and simulation tool, said Don Nanneman, vice president of marketing. PAM, which costs US$50,000, is aimed at companies that have created dozens of such models and need an effective way to search for them, keep track of versions and enable reuse.

Typically created by business users, models map out the steps involved in multistep processes, such as placing and fulfilling an order, which also can include subprocesses, such as determining whether a customer is creditworthy. "You get an order, and it goes from validation to credit verification to service-level agreement certification. Then it moves from an ERP system, to shipping the product, billing, receiving and warranty management," Nanneman said. Once a process has been modeled, developers flesh it out, adding code, he explained.

New to Process Modeler is the ability to perform simulations across subprocesses, not just top-level processes, such as sending an order to manufacturing, Nanneman said. Simulation capabilities, found in many BPM offerings, are designed to improve efficiency, letting a business user determine, for example, how much faster a process would complete if one step were eliminated. The tool is available at no cost for 90 days; further pricing information was not made available.

HANDYSOFT BIZFLOW 10

New to BizFlow 10, HandySoft's BPM platform, is Integration Studio, a graphical development framework for interfacing with applications and databases that BizFlow needs to connect to, explained Daniele Chenal, vice president of product management and marketing for HandySoft. It guides the developer through the process of managing exceptions, such as what to do when a database that an application needs goes offline.

"In the past, if the connection failed, you would have to hand-code all that," she said. Integration Studio also stores and manages Web services in a registry based on Universal Description, Discovery and Integration (UDDI) and manages the transformation of documents and data from one format to another.

"For instance, it can pull information from an XML document and map it into a relational database," said Chenal. It also provides precoded adapters to database APIs, such as JDBC, and e-mail protocols, such as Simple Mail Transfer Protocol (SMTP).

In addition to Integration Studio, BizFlow 10, which starts at US$150,000, includes Process Designer (for modeling workflow and creating routing rules), Forms Designer (which lets developers create user interfaces for business users) and Process Analyzer (for modeling processes and running simulations to improve them).

HandySoft's BizFlow Integration Studio Workbench shows process objects and associated rules, as well as input parameters mapped to output parameters.
SECO to Focus on Economics of Software Business

BY EDWARD J. CORREIA

A group of independent software vendors has banded together with the purpose of developing a set of best practices intended to improve the way software is developed, delivered and maintained.

The new organization, Software Economics Council (SECO), formed in late June, is a spin-off of the BPM Forum. It will focus on economic issues of software development "to make sure customers get what they're looking for," said Sharish Netke, SECO chairman and chief strategy officer of Aztec Software, which develops educational software. "We will discuss how different pieces of the software industry can work together [toward] the right business model for the software industry."

About 20 companies are enrolled, including Adobe, BEA, Borland, EDS, IBM, Informatica, Mercury, Novell, Oracle, SAP and Siebel.

Also on the table is the issue of open-source development and integration. "In order for open source to work, the eventual customer wants a composite application. They don't really care what is used in them; they just want something that replicates [functionality] they are able to get from a license vendor."

The problem, Netke said, is that open-source software usually involves a number of parties other than the original software developer to make things work. "Somebody else provides service or selects which open source to use. There's value associated with trying to mix and match different applications to make sure the customer gets the value."

For example, Netke said that while the JBoss application server provides the Apache Tomcat runtime, an enterprise looking for reporting functionality may turn to JasperReports, a separate and unrelated open-source project. "If JBoss cooperates with JasperReports, which cooperates with a system integrator to put all of these together, the customer eventually gets a composite application at a low price" and can call on a single integrator for service and support, he said.

DON'T WANT A REPEAT

Netke said the group hopes to avoid a debacle similar to the one caused by a mid-1990s effort to broadly implement the application service provider model.

"The ASP model was technologically advantageous but led to a number of channel conflicts," said Netke. "Who does the selling? Who does the implementation? A whole business ecosystem was turned on its head to address this newer [ASP] technology."

Netke said the first results of SECO's efforts, which will be published as a series of white papers and Web seminars, should begin to surface before the end of this year, and will be available to the public.
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EclipseWorld Conference: Focus on Enterprise 



BY EDWARD J. CORREIA 

The first annual EclipseWorld 
Conference, being held Aug. 
29-31 at The Roosevelt Hotel 
in New York City, will be the 
world's only conference devot- 
ed entirely to enterprise 
development using Eclipse, 
according to show organizer 
BZ Media, parent company of 
SD Times. 

"We are pleased that a new 
Eclipse-oriented conference is 
being organized, especially one 
focused on enterprise develop- 
ers," said Mike Milinkovich, 
executive director of the 
Eclipse Foundation. "I think 
EclipseWorld will provide a 
great opportunity for Eclipse 
users to learn and enhance 
their usage of Eclipse tools." 

Day one of the conference 
will be composed of full-day 
tutorials, including "Getting 
Started With Eclipse on 
Windows," by Dwight Deugo,
leader of the Eclipse Commu- 
nity Education Project and reg- 
ular columnist for BZ Media's 
Eclipse Source newsletter. 

For beginning and advanced 
developers, the session starts 
with an exploration of Eclipse, 
its installation and basic fea- 
tures, then moves to Work- 
bench and its views, resources 
and perspectives, and ends with 
instruction on how to expand 
Eclipse using its plug-in mecha- 
nism and how to test and debug 
Java code with Ant and JUnit. 
CONFERENCE:

Aug. 29-31 

The Roosevelt Hotel 

New York City 

TUTORIALS: 
Monday, 9 a.m.-5 p.m. 

CLASSES: 

Tuesday, 9:15 a.m.-5 p.m. 

Wednesday, 9:15 a.m.-5:30 p.m. 

EXHIBIT HOURS: 
Tuesday, 3 p.m.-7:30 p.m. 
Wednesday, 12 p.m.-4 p.m. 

KEYNOTES: 

Tuesday, 8:15 a.m.-9 a.m., Opening 

Keynote, Mike Milinkovich 

5:15 p.m.-6 p.m., Industry Keynote, 

Patrick Kerpan 

Wednesday, 8:15 a.m.-9 a.m., 

Keynote, Kent Beck 

www.eclipseworld.net 



Tuesday and Wednesday 
consist of 90-minute classes, 
ranging from introductory to 
advanced, covering many 
top-level Eclipse projects, 
including the Eclipse Modeling
Framework, Rich Client
Platform, Web Tools Platform,
Test and Performance Tools 
Platform, and using the SWT 
edition of Visual Editor. 

Among the keynote speak- 
ers will be Milinkovich, who 
will deliver the opening keynote,
and Kent Beck, the
founder and director of 
Three Rivers Institute, a re- 
pository for his teachings 
on patterns for software, 
test-first programming and 
Extreme Programming. 



Former Borland CEO 
Dale Fuller, originally sched- 
uled to deliver the industry 
keynote, will be replaced 
by Borland's chief technology 
officer, Patrick Kerpan. Fuller 
resigned last month.

iOpus Regression Testing Tool Gets Flashy

Image Recognition Plugin for its Internet Macros tests Flash, Java applets 



BY EDWARD J. CORREIA

iOpus Software in early July
released the Image Recognition
Plugin, an add-on for its
Internet Macros Web regression
testing tool that the
company claims can now test
non-HTML elements, including
Flash and Java applets,
and ActiveX and other controls,
without the use of X/Y
coordinates.

Internet Macros is a recording
and playback engine for
Windows desktops or servers
designed to automate the
testing of Web sites and
Web-based applications. It reportedly
automates such tasks
as repetitive Web surfing,
uploads, downloads, data extraction
and form population.

The US$199 Pro Edition 
features a command-line inter- 
face, batch file support and the 
ability to measure response 
time. 

The $499 Scripting Edition 
adds an extension to Micro- 
soft's Windows Scripting Host 
with the ability to replay its 
Internet macros and extract 
Web-page data. This edition 
also can be accessed by .NET 
and other Microsoft languages 
as well as by Access, Excel and 
Perl. 

WORKS WITH ALL APPLETS 

According to Mathias Roth, 
chief developer at iOpus, with 
the $998 Image Recognition 
Plugin, developers can now 
automate the testing of applets, 
verify their output and measure 
response times. 

"Even if you can automate a 
Flash applet using X/Y coordi- 
nates, because all elements stay 
at a fixed position, you have no 
way of knowing if the applet 
responded correctly," he said. 
This is a problem because unlike 
HTML-based Web pages, ap- 
plets allow no access to the dis- 
played text. "This is solved by 
our approach because it looks 
for the image of the text and 
thus works with all applets, no 
matter what underlying tech- 
nology is used." 

Further, he said that elimi- 
nating the use of X/Y coordinates 
also eliminates testing failures 
caused by movement of graphi- 
cal elements such as links and 
buttons. 

"For example, consider Web 
sites that have an ad banner on 
top. Often the height of the ban- 
ner changes with different ad 
content. And whenever the ad 
size changes, all page content 
below the banner is moved up or 
down," usually causing X/Y 
testers to fail, even if the page is 
really working properly. 

And while Roth admitted that 
X/Y tools from Empirix, eValid 
and other competitors offer 
work-arounds for some of these 
problems, the iOpus tool is 
unique for its ability to measure 
applet performance. "X/Y-based 
Web testing cannot access the 
inside of an applet, thus cannot 
measure the response time," and 
must therefore resort to manual 
measurements.

Market Forces Java RAD Tools Explosion



< continued from page 7 

where you have different appli- 
cation infrastructures." 

Nevertheless, not all RAD 
tool makers have adopted JSF 
as the underlying technology in 
their tools, mainly because JSF 
is specific for creating server- 
based applications. 

JetBrains' US$799-per-seat 
Fabrique, which is due to ship 
later this year, will import JSF 
controls but will not create 
them, said company president 
Eugene Belyaev. 

"JSF as a technology today 
doesn't support a lot of aspects 
that a lot of customers require 
from an application," he said. 
Specifically, because it is a serv- 
er-based technology, it doesn't 
take advantage of browser-spe- 
cific capabilities, he said. 

RAPID PROTOTYPING 

Jeff Walker, chairman and CTO 
of TenFold, which makes 
Enterprise TenFold, said that 
what organizations really need is 
a way for programmers to create 
applications that meet business 
executives' requirements. 

"Business people don't know 
what they want until they see 
what you have," he said. "A 
technology strategy for closing 
the requirements gap is rapid 
prototyping. Instead of asking 
you what you want, I show you 
what I have." 

The RAD tools not only 
make it easier to build a fin- 
ished application, but also to 
create working prototypes that 
can be adjusted more quickly, 
he said. By quickly making the 
prototype, developers can work 
with business executives to 
adjust the application's require- 
ments. They can then scale the 
application with other tools 
after they've determined the 
required functionality, he said. 

Walker said TenFold did not 
adopt JSF because, according 
to him, it is possible to build an 
application more quickly with 
the company's proprietary tech- 
nology. 

Still, JSF remains popular. 
Exadel, a tools company based 
in Concord, Calif., has re- 
vamped its RAD tools to work 
with JavaServer Faces, along 
with open-source standards like 
the Struts framework and 
Hibernate, an object-relational 
persistence and query service 
for Java. These technologies, 
pulled together into a single 
visual editor, can simplify the
development of complex Java
applications, according to Fima 
Katz, the company's founder. 

Indeed, the company's latest 
offerings, the free Exadel Stu- 
dio and the commercial Exadel 
Studio Pro, are matched by a
set of JSF training programs
and professional services. 
Clearly for Exadel, JSF is a key 
enabler of Java rapid applica- 
tion development. 

While JSF is proving to be a 
big driver for Java RAD tools,
it's certainly not the latest word.
A hot new project called AJAX, 
for Asynchronous JavaScript 
and XML, is marrying standard 
Java server applications with a 
rich-client executable that can 
make JSF-based applications
more interactive through
browser-based execution of 
JavaScript code on the client. 
AJAX uses XML, Cascading 
Style Sheets and XSLT to deliv- 
er data from the server-side JSF 
application to the browser.

MORE UPGRADES



< continued from page 8 

project licenses cost $90 per seat . . . SOA Software has updated XML 
VPN, its system for creating secure virtual private networks for the 
exchange of Web services information between companies. Version 4.3 
improves last-mile security via message signing, inboard service visual- 
ization using proxies, and also integrates with IBM's Tivoli Federated 
Identity Manager. Pricing starts at US$50,000 per server. 



PEOPLE 



Alex Handy has joined BZ Media as senior editor of SD Times. Handy had 
been editor-in-chief of CMP Media's Game Developer magazine, and is 
an experienced technology and newspaper reporter . . . Macrovision has 
hired Alfred "Fred" Amoroso as its new president and CEO. Amoroso 
previously served as the CEO of analyst firm Meta Group. He succeeds 
William Krepick, who will become vice chairman of the board of direc- 
tors . . . Jean-Philippe Courtois has been promoted to president of 
Microsoft International and SVP of Microsoft Corp. He had been CEO 
of Microsoft Europe, Middle East and Africa. Taking over as CEO of 
EMEA will be Neil Holloway, formerly corporate VP of sales for that 
region . . . Embedded Linux developer TimeSys has hired Michel Genard 
as its EVP of marketing and business development. Genard had been 
VP of marketing at Jaluna, which serves the embedded infrastructure 
market . . . Magic Software Enterprises has promoted Avigdor Luttinger 
to VP of marketing and corporate strategy; he replaces Gil Trotino, who 
left the company. Luttinger, one of the original developers of Magic's 
platform, had been managing the company's business development 
department . . . OSDL has hired Claude Beullens as director for EMEA, 
as part of the organization's push outside of North America. He had been 
managing director of MC2, a storage technologies company.



Borland Transforms Together 2006 
Models, Tools to Fit Specific Roles 



BY DAVID RUBINSTEIN 

The creation of role-based tools 
highlights the upcoming release 
of Borland's Together 2006 
modeler, expected later this 
month or next. 

Marc Brown, director of 
product marketing for Borland's 
application life-cycle manage- 
ment products, said the point 
products are designed to give 
users an experience that's more 
specific to their tasks and to 
address their jobs more effec- 
tively. "Some roles felt over- 
whelmed by the features and 
capabilities" of earlier Together 
versions that were very complex, 
he said. 

For this release, Borland has 
created Together 2006 Design- 
er, Architect and Developer 
modeling and development 
tools. The Designer tool was 
created for business analysts in 
the hopes of bridging the oft- 
discussed gap between business 
interests and IT output, he said.
It supports the Business Process
Modeling Notation (BPMN) as 
well as UML 2.0 and the ER 
data modeling notation, Brown 
explained. 

Together Architect 2006 — 
"probably the broadest of the 
role tools," Brown said — offers 
enhanced Model Driven Archi- 
tecture (MDA) capability with 
support for the preliminary 
query-view-transformation spec- 
ification being worked on under 
the auspices of Object Manage- 
ment Group. 

QVT, included in OMG's 
Meta-Object Facility specifica- 
tion, is considered a key piece 
to MDA in that it defines how 
model-to-model transforma- 
tions are done. Brown indicat- 
ed Borland will move to sup- 
port the finished QVT 
specification in Architect when 
work is completed. Together 
Architect 2006 also supports 
UML and the Object Constraint
Language (OCL), used to specify
constraints on objects in UML, he said.

Brown also indicated Bor- 
land has extended its code-level 
audit and metrics functionality 
to the models, so users now can 
ensure the model complies with 
the underlying requirements 
and organizational standards, 
and that it is complete. 

Together Developer 2006 
allows developers to keep mod- 
els and code in sync, he said. 
Pricing for the tools has not yet 
been finalized, Brown noted. 

"In the Control Center days, 
there was one tool for every- 
body," so all users, regardless of 
role, could work in the same 
tool, Brown said, referring to 
the main product line from 
TogetherSoft before it was pur- 
chased by Borland. But even 
now that the role-based tools 
have been created, each tool 
can leverage and utilize the 
same model through the trans- 
formation process, he said.

Magic to Reveal Its Secrets of XML

eDeveloper 2 now offers version control, drag-and-drop GUI builder 



BY EDWARD J. CORREIA 

Magic Software today is set to 
release eDeveloper 2, an 
update to its rapid application 
development environment for 
J2EE and .NET that it claims 
now simplifies the creation of 
composite applications through 
a drag-and-drop interface. 

Support for IBM Rational
ClearCase and other version- 
control systems compliant with 
the SCC API 1.01 standard has 
resulted in eDeveloper's file 
format being based on XML, 
according to Glenn Johnson, 
Magic's director of marketing.
"This is important because it 
puts the standards for eDevel- 
oper in the open," he said, and 
paves the way for integration 
with tools from third-party ven- 
dors. "Secondly, it takes us fur- 
ther into project and team 
development compatibility with 
[collaborative] solutions from 
multiple developers," he said. 

According to Johnson, eDe- 
veloper's open file formats 
mark a shift in the company's 
strategy. "With this release, we
take an important step toward
open standards and opening 
what in the past has been a pro- 
prietary environment." Also 
included is the ability to create 
XML task dataviews, direct 
access to XML document hier- 
archy, and a new XML docu- 
ment parser that Johnson said 
"supports XML validation and 
error conditions." 

Pricing for eDeveloper 2 
remains at US$5,995 per seat. 

Johnson said the new ver- 
sion also focuses on increasing 
developer productivity with 
support for subforms for multi- 
ple programs sharing the same 
form, user-defined functions 
and open directory functionali- 
ty. Also new is a full-fledged 
debugger with step-tracking, 
data control and breakpoints, 
and a composite resource 
repository, which he said is use- 
ful for managing components 
and Java, EJB, COM and Web 
services interfaces, adapters, 
connectors and converters. 

Also included is a series
of wizards that permit developers
to "easily create Web services,
DLLs and stored procedure
components," further simplifying
composite application
creation and reuse.

The redesigned GUI editor in eDeveloper 2 enables drag-and-drop interface design and supports ActiveX controls.

eDeveloper 2 also now 
incorporates a built-in GUI editor
for drag-and-drop creation
of radio buttons, check boxes
and other GUI components,
complementing the ActiveX-based
GUI tools, Johnson said.



Metaphor Updates Speech Toolkit for .NET



BY JENNIFER DEJONG 

Metaphor Solutions has voiced 
support for .NET-based speech 
applications. 

The Wellesley, Mass., compa- 
ny has announced Metaphor 
Conversation Manager 3.0, its
first .NET offering. Earlier versions
were designed to work with
Metaphor's proprietary interactive
voice response tools and
applications, Michael Kuper- 
stein, the company's CEO, said. 
Conversation Manager 3.0 is
a toolkit for C# developers that
extends the capabilities of 
Microsoft's Speech Application 
SDK, part of Microsoft Speech 
Server 2004. 

"We pick up where they 
leave off," he said. Microsoft's
speech tool lets developers drag
and drop onto a Web form 
voice controls, each represent- 
ing a single turn — "he said, she 
said" — of conversation, but it 
doesn't automate more complex 
tasks, such as handling exceptions,
said Kuperstein.

The ability to handle excep- 
tions easily is essential to build- 
ing speech-enabled applications, 
because users of voice-enabled 
applications don't always "speak" 
the expected response. 

For instance, he said, if the 
application asks, "Do you want 
roses or carnations," it has to 
know what to do if the user says 
"tulips." Making that happen in 
Microsoft Speech Application 
SDK requires the developer to 
understand the intricacies of 
working with speech controls, 
Kuperstein said. 

But Conversation Manager 
3.0, which costs US$399 per 
developer, automates that 
process. It guides the C# devel- 
oper through the process of cre- 
ating questions and specifying 
possible answers. 

It includes a library of com- 
monly used questions and 
responses, known as "ask for" 
and "tell" methods, respectively. 
Developers can add these meth- 
ods to an application using only a 
single line of code, he said.

PolarLake Reflects 
Business Realities 
In Integration Suite 

BY DAVID RUBINSTEIN 

With a focus on batch-driven 
applications and processes, 
integration software maker 
PolarLake last month released 
Integration Suite 4.2, claiming 
it allows the incorporation 
of data from a variety of for- 
mats into a service-oriented 
architecture. 

The new version enhances 
the product's Enterprise Service
Bus architecture to include
support for file systems, FTP, 
ZIP and tar archiving formats 
and e-mail, and delivers mes- 
sages in XML and non-XML 
document formats. 

The updates reflect the real- 
ities of enterprise communica- 
tions, in which data and other 
business information is held in 
Word documents, e-mails, 
Excel spreadsheets and other 
forms, according to PolarLake 
CEO Ronan Bradley. 

"Our support for batch-dri- 
ven business processes demon- 
strates our commitment to a 
real-world approach to the 
SOA," Bradley said. 

Pricing for the new suite was 
not available.

Alpha Makes a Connection With MySQL



Data-2-the-Web brings point-and-click Web apps to enterprise 



BY EDWARD J. CORREIA 

Database industry veteran Alpha 
Software this month is set to 
release Alpha 5 version 7, a 
major update to its flagship data- 
base that will add codeless tools 
for creating Web-based front 
ends to MySQL open-source 
back-end databases. 

In the meantime, the same 
functionality is available in Data- 
2-the-Web for MySQL, a 
US$199-per-server point-and- 
click environment released in 
June that, according to Alpha 
Software co-chairman Richard 
Rabins, requires no coding of 
any kind. "Because the Web has 
become more of a factor in 
everyone's lives, a lot of people 
want to use it to access their 
back-end databases." 

But despite Web technology 
advances, Rabins said that Web- 
based data access is still extreme- 
ly complex. "Even putting a sim- 
ple form on the Web with data 
validation and a lookup is not a 
trivial thing to do; it takes many 
hundreds of lines of, say, PHP or 
Perl code." 

SourceLabs 
Creates Catalog 
For Open Source 

BY DAVID RUBINSTEIN 

Open-source systems provider 
SourceLabs said last month it 
will launch a catalog of open- 
source projects called Swik, 
based on Wiki functionality that 
allows community members to 
edit or modify content on the 
Web site. 

The site is designed to give 
members documentation on 
open-source projects, as well 
as user reviews and descrip- 
tions of the work, SourceLabs 
said. 

There are no moderators, 
and users can use any RSS 
reader to learn about new pro- 
jects. If a user is seeking infor- 
mation about a project Swik is 
not yet aware of, the software 
automatically finds that project 
and adds it to the repository, 
the company claimed. 

The content, created under 
the Creative Commons Attribu- 
tion Share-Alike license, can be 
reused in any way, even for 
commercial purposes.



Data-2-the-Web delivers the 
Web server and Builder, a thick- 
client development environment 
plus prebuilt components and a 



driver for connecting directly to 
the MySQL database. 

For custom requirements, 
Rabins said Alpha's XBasic programming
application can be
used to modify any of the data- 
bases created with Builder. 
"Custom pieces of the app can
be built using Xbasic, and everything
else can be built with our
components." 

Available for Windows 
servers, Data-2-the-Web can 
be downloaded for free at 
data2theweb.com. After an in- 
troductory period, deployment 
licenses will cost $699 per server 
for unlimited users.

IBM AND SUN: A POSSIBLE WARMING TREND?



< continued from page 1 

spokesperson later said in a 
statement: "JSR 208 is a single
item that IBM is not
involved in because we are 
taking a slightly different 
approach." 

The spokesperson did not 
specify what that approach 
entailed. But according to 
Randy Heffner, an analyst 
with Forrester Research, IBM 
is withholding its support 
because JBI would make it 
easier to swap out IBM tech- 
nology. 

JBI can be considered a Java 
standard for an enterprise ser- 
vice bus, and IBM has much 
technology to offer around 
ESBs, he explained in a state- 
ment. But if JBI gains enough 
industry traction, IBM is likely 
to back it, Heffner said. 

The specification, which 
was announced at the JavaOne 
conference in late June, 
has been backed by Fujitsu, 
JBoss, Oracle and TIBCO, 
among others, but not by BEA. 

The news that IBM had 
renewed its Java license
through 2016 also made head- 
lines at JavaOne. But the com- 
pany otherwise maintained a 
relatively low profile at the 
conference. 

When asked why IBM did 
not announce any new JSRs 
or promote its current efforts 
with the JCP, the spokes- 
person said: "IBM has led or 
been an active participant in 
dozens of JCP projects and 
expects to remain extremely 
active in the JCP." 

Eric Chu, Sun's senior 
director for J2EE mobile and 
embedded systems, agreed. 

"I am seeing strong partici- 
pation. Over 10 percent of 
current JCP projects are led 
by IBM," he said. 

According to JCP Program 
Management Office records, 
IBM is leading 12 current 
JSRs and participating in 
56 others. 

'MORE SOLID NOW'

Sun's vice president of strategic 
alliances, Souheil Saliba, characterized
the IBM-Sun relationship
as "more solid now
than it was in the past."

He also noted how much 
the Java community has grown 
since the previous licensing 
agreement was inked about 10 
years ago. 

"Java is bigger and broader 
than Sun and IBM," Saliba 
said. "We are talking about 
some 4.4 million Java develop- 
ers today." 

But Ronald Schmelzer, an 
analyst at ZapThink, said
there are questions remaining
about how tight a grip Sun 
should be allowed to have on 
the Java community. 

Sun's customers do not 
make up the majority of 
Java installations today, he said 
in a statement. Given IBM's 
vested interest in satisfying 
its own customers, "does it 
always make sense for IBM 
to run everything through 
Sun?"




Questions remain about how much 
control Sun should be allowed to 
have, says ZapThink's Schmelzer. 



ET 2, JAVA? 



At JavaOne, Sun changed the nomenclature for future editions of Java to drop the "2" from the 
designation, and also remove the decimal point from the version number. This follows an earlier move 
to remove the leading "1" from the version numbers. Thus, the proper chronology for Java 2 Standard 
Edition goes from J2SE 1.4 to J2SE 5.0 to Java SE 6. 

Similarly, J2EE 1.4 will be followed by Java EE 5, and J2ME will be succeeded by Java ME. There's 
no version number for the micro edition. 

Sun has a long history of playing games with its version numbers: Solaris 2.6 was followed by 
Solaris 7. But it's not the only company to do so: Apple's current operating system is Mac OS X 10.4, 
after all. 

And one mustn't forget that Microsoft's Windows 3.11 was replaced by Windows 95, then Windows 
98, and finally Windows Me. At the same time, Windows NT 4.0 was replaced by Windows 2000. Both 
product families merged into Windows XP. 

So, what's coming next? Perhaps next year we'll see Java SE X 10.7, XP Edition. 

-Alan Zeichick 
Microsoft Puts AJAX World on Its Shoulders With Atlas



< continued from page 1 

touchpoints beyond the brows- 
er and more relevance for the 
individual," he said. "There's 
HTML at one end, then moving
to rich islands running on a
browser, then smart clients,"
which Microsoft will address 
with Avalon, its next-generation 
Windows UI framework that is 
expected to come out with the 
release of Longhorn, the company's
next iteration of the Windows
operating system.

The Atlas framework is built 
from JavaScript and is both 
server- and browser-agnostic, 
according to Shanku Niyogi,
group program manager in
Microsoft's Web and Tools 
Group. But, when developers 
use ASP.NET at the server tier, 
they can take advantage of 
ASP.NET capabilities such as 
access to Web services, controls
to integrate the UI controls in 
Atlas with server-side logic, and 
application services such as 
authentication and personaliza- 
tion, he explained. 

Of Dart's efforts, Guthrie 
said, "They have a number of 
really good controls that should 
work fine with Atlas. We want 
to provide a richer client 
JavaScript framework. The 
work is very complementary." 

Of Microsoft's efforts, Dart's 
president Michael Baldwin 
said, "Atlas, it seems to us, is 
kind of like COM+. A lot of 
things got pulled into the idea. 
It's very broad." Dart, he said, 
takes the approach of allowing 
developers to focus on server- 
side code and not have to know 
JavaScript. "VB, C#, C++
developers can create applica- 
tions that we look at for the 
objects, and then we generate 
the JavaScript requests neces- 
sary to manipulate the objects 
on the client," he said. "Other 
AJAX products require you to 
write JavaScript to perform the 
manipulation." 

Bindows, according to MB 
Technologies CEO Yoram 
Meriaz, takes it a step further 
by offering a platform for devel- 
opers used to working in an 
object-oriented environment to 
create Web applications. "The 
problem with AJAX today for 
most developers is that it's a 
huge effort to go there. They 
must change the way they think 
about development." 

Meriaz calls the Bindows 
approach "AJAX plus a little 
bit," because the communica- 
tion can be either asynchronous 
or synchronous, and XML is not 
the only communications pro- 
tocol. There are ASP.NET con- 
trols, but Bindows is not limited 
to that platform, he said. 

"Creating a program is as 
easy as working with Java class- 
es," he said. "You're not just 
inserting widgets. You use 
inheritance, and can create cus- 
tom controls based on existing 
controls, so there is a lot of 
reuse. Organizations can man- 
age the development properly 
with testing and Q&A." 

"Most organizations cannot 
afford to learn the quirks 
between Firefox and IE. They 
look similar, but the differences 
are huge." Using existing staff to 
create Web applications, he 
claimed, is more cost-effective.

FULLER RESIGNS BORLAND POSITION



< continued from page 1 

mated quarterly revenues of 
between $65 million and $67 
million, with a loss of 24 cents 
to 26 cents per share. The com- 
pany also reported significant 
losses in 2003. 

According to chairman 
William Hooper, the board was 
disappointed with second-quar- 
ter results, despite seeing an 
increase in demand for Bor- 
land's application life-cycle 
management products, a move 
shepherded by Fuller with the 
acquisitions of TogetherSoft 
and Starbase in 2003. "The 
board has confidence in Scott 
Arnold to better position Bor- 
land to realize the potential of 
the application life-cycle man- 
agement market," Hooper said 
in a statement. 

At least one analyst was not 
surprised by the company's 
poor showing. Andrew Bin- 
stock, principal analyst at Pacif- 
ic Data Works and the Integra- 
tion Watch columnist for SD 
Times, has followed Borland 
over the years and said: "Bor- 
land's strategy of providing 
an enterprise tool chain was 
legitimate, but execution was 
poor. It acquired many good 
point products but never inte- 
grated them.... If you add 
Borland's lack of a competitive 
sales force, you have all the 
textbook elements for terrible
financial performance."

A NEW PLAN
FOR BORLAND

Bob Coates has a plan for
Borland to return to growth
mode—spin off the legacy
developer products and focus on
the life-cycle tools.

"Delphi and the other prod-
ucts don't belong in Borland
anymore," Coates said in an
exclusive interview with SD
Times late last month. "They're
not getting the resources, and
the company's not working that
closely with developers any-
more. Let top management
focus on ALM products."

Coates, a self-described "sig-
nificant shareholder" and for-
mer board member who said he
has no interest in a fight for con-
trol of the company, plans to
offer his plan to the current
board in early August. He did not
indicate what his next step, if
any, would be if the board
rejects his plan.

-David Rubinstein

Fuller will receive a cash 
payment of $1.2 million, 
according to documents filed 
with the Securities and Ex- 
change Commission, which 
also included a report that
consolidation of Borland's
European finance organization 
would cost between $500,000 
and $1 million more than ex- 
pected. Fuller had been earn- 
ing about $1 million annually 
and holds stock options. He
will remain on the board of
directors. 

Arnold cited the company's 
inability to close several large 
transactions in Europe among 
the reasons for the company's 
poor performance, while CFO 
Ken Hahn noted the company 
still has a cash position of 
roughly $190 million. 



As for JBuilder, the com- 
pany's Java integrated develop- 
ment environment that per- 
formed as poorly as the company 
expected in the quarter, Arnold 
said, "Commoditization is in full 
form and continues unabated. 
We plan to ship a JBuilder- 
on-Eclipse-type product in the 
first half of 2006."

XML Injections: Are Your Web Services Under Attack?



< continued from page 1 

that shows how a malicious XPath query 
can access a database's entire contents,
not just the intended result, he noted. 

The iSEC tools, which have not yet 
been named, are expected to include a 
Web services fuzzer, which "asks for Web 
services and says, 'What functions do you 
have that I can attack?' " said Stamos. 

In addition, iSEC will demonstrate a 
Perl script that sends an XML parser an 
XML file large enough to launch a denial- 
of-service attack, as well as a Web services 
mapper, which is run against a Web serv- 
er to detect Web services that are difficult 
to find. iSEC was expected to make all
three available online at
www.isecpartners.com/research late last month.
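
A service that receives XML can refuse the kind of oversized file described above while the body is still arriving. The following is an added example, not code from iSEC or from this article; the limits, function names and sample bodies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed limits for this example; size them to the largest legitimate message.
MAX_BYTES = 64 * 1024
MAX_ELEMENTS = 2000
MAX_DEPTH = 32


class XmlLimitExceeded(ValueError):
    """The body broke a limit; .limit names which one."""

    def __init__(self, limit, detail):
        super().__init__(f"{limit} limit exceeded: {detail}")
        self.limit = limit


def parse_bounded(chunks, max_bytes=MAX_BYTES, max_elements=MAX_ELEMENTS,
                  max_depth=MAX_DEPTH):
    """Parse XML from an iterable of byte chunks and return the root element.

    Parsing stops at the first limit that is crossed, so an oversized body is
    rejected part-way through instead of after it has been read in full.
    """
    parser = ET.XMLPullParser(events=("start", "end"))
    seen_bytes = seen_elements = depth = 0
    root = None

    def drain():
        # Apply the structural limits to every event the parser has produced.
        nonlocal seen_elements, depth, root
        for event, elem in parser.read_events():
            if event == "start":
                if root is None:
                    root = elem
                seen_elements += 1
                depth += 1
                if seen_elements > max_elements:
                    raise XmlLimitExceeded("elements", f"more than {max_elements}")
                if depth > max_depth:
                    raise XmlLimitExceeded("depth", f"nesting deeper than {max_depth}")
            else:
                depth -= 1

    for chunk in chunks:
        seen_bytes += len(chunk)
        if seen_bytes > max_bytes:
            # Checked before feed(): the excess never reaches the parser.
            raise XmlLimitExceeded("bytes", f"more than {max_bytes}")
        parser.feed(chunk)
        drain()
    parser.close()  # raises ET.ParseError if the document is truncated
    drain()         # events the parser held back until end of input
    return root


def chunked(data, size=4096):
    """Yield data in fixed-size pieces (stand-in for reading a socket)."""
    for i in range(0, len(data), size):
        yield data[i:i + size]


def verdict(body):
    """Classify a body: 'ok', 'malformed', or the name of the limit it broke."""
    try:
        parse_bounded(chunked(body))
    except XmlLimitExceeded as exc:
        return exc.limit
    except ET.ParseError:
        return "malformed"
    return "ok"


# Constructed request bodies, one per outcome.
SAMPLES = {
    "normal": b'<order id="17"><item sku="A1">2</item><item sku="B7">1</item></order>',
    "padded": b"<order><note>" + b"A" * 200_000 + b"</note></order>",
    "many": b"<order>" + b"<i/>" * 5_000 + b"</order>",
    "deep": b"<a>" * 100 + b"</a>" * 100,
    "cut": b"<order><item>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:7} {len(body):7} bytes -> {verdict(body)}")
```

The byte cap counts bytes as received, so it does not bound entity expansion declared in a DTD; that needs a separate control.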

A key reason why Web services are 
vulnerable is that they reside in reposi- 
tories that are designed to be discovered 
automatically. The methods to invoke 
them are provided, noted Curphey. "You 
click on the service and pull down the 
WSDL," he said. 

Another factor is that the development 
tools to create Web services are so easy to 
use. "You write 12 lines and hit compile," 
said Scott Stender, an iSEC founding 
partner. By hiding the low-level function- 
ality from the programmer, the tools are 
hiding things that can be exploited, he
explained. "You have this big blob of XML
going up to the server, and [some devel- 
opers] may have no idea that XML is even 
involved." 

Even though that blob of XML can 
be exploited, XPath injections and other 
XML threats are nothing new, said Jee- 
hong Min, a lead developer at Parasoft, 
which makes application testing tools. 
"They are not really new forms of 
attacks," he said in a statement. "In 
essence, they are quite similar to SQL 
injections that have been customized to 
fit into the Web service paradigm, allow- 
ing a user to exploit Web services/XML- 
specific vulnerabilities." Min also noted 
that Parasoft's offerings can test for such
vulnerabilities. 

But Web services attacks differ from 
SQL injections and other vulnerabilities 
found in Web apps in one fundamental 
way. "In Web apps, the user interface is 
the point of entry. But in Web services, 
there is no user interface," said Caleb 
Sima, chief technical officer and co- 
founder of SPI Dynamics, which makes 
app testing tools. 

That can make them difficult to find, 
said Mike Weider, founder and chief 
technology officer at Watchfire, which 
provides software and services to address 
application and other security threats. 
"Web services are scattered throughout
the enterprise," he said. "Our testing tools 
can find client-side Web services today," 
but other Web services have to be tracked 
down manually, he said, noting that 
Watchfire expects to extend its tools to 
support attacks unique to Web services. 

Weider said the issue of Web services 
security is on his radar screen, but at this 
point he isn't all that worried. "People 
haven't deployed Web services in a big 
way yet. At most companies they are still 
behind firewalls, and they are encrypted 
as well." 

FALSE ALARM? 

SPI Dynamics' Sima said the threat of 
Web services attacks is overblown. "When 
it comes to Web services security, we [as 
an industry] have actually done a good 
job. There is security around authentication,
schemas, encryption," he said, referring
to the WS-Security and other standards.
"I don't think there will be huge,
new Web services attacks." 



By comparison, SQL injections and 
other Web application threats were a 
massive issue, largely because developers 
didn't take security issues into account 
until after the fact. "Thousands of devel- 
opers have made that mistake," said Sima. 

Foundstone's Curphey, who founded 
the Open Web Application Security Project,
disagreed. Standards such as WS-Security
and WS-Policy provide security
mechanisms, he said. "But they don't 
address common vulnerabilities. None 
of them help people validate input." 
OWASP is a nonprofit foundation for 
finding and fighting the causes of inse- 
cure software. 

There is another reason to anticipate 
a rise in Web services attacks, said 
Wayne Ariola, Parasoft's vice president 
of corporate development. Developers 
are using Web services and XML as a 
technology to integrate legacy applica- 
tions. "People don't understand the 
[extent to which] Web services will 
expose their applications."



MICRO FOCUS CREATES STUDIO SUITE 



BY YVONNE L. LEE AND ALAN ZEICHICK 

COBOL compiler maker Micro Focus 
International believes that new COBOL 
apps should be written or maintained 
using a Windows-based environment, 
no matter where they're going to be 
deployed. To that end, the company is 
consolidating all its disparate develop- 
ment environments into a single suite, 
called Micro Focus Studio, that covers 
all target platforms, ranging from Linux 
to Windows to mainframes. 

"This thrust is about being able to 
move that application pretty much as is 
on new, contemporary platforms," said 
Ian Goldsmith, vice president of prod- 
uct management for Micro Focus. "We 
do it today with a mixture of technology, 
which we want to simplify." 

Micro Focus Studio is actually a suite
of four products that Goldsmith said will
ultimately be merged into a single offer- 
ing. The suite is composed of Mainframe 
Express, an environment for creating 
mainframe applications that can commu- 
nicate with Java and .NET apps and Web 
services; Server Express, an environ- 
ment for building COBOL software for 
Linux and Unix; Net Express, which tar- 
gets the .NET Framework; and Revolve, 
a change management system. 

The company is similarly merging two 
runtime platforms into a new system to 
be called Micro Focus Server. The 
merged runtimes are Application Server, a 
platform for deploying applications built 
using Net Express and Server Express on 
Linux, Unix and Windows; and Enterprise 
Server, a buffed-up runtime for high-
performance transactional systems.
Group Spec Work Leads Converts to Linux

Efforts of OSDL, CELF to simplify embedded deployments seen as key to surge in adoption 



BY EDWARD J. CORREIA

Give credit where credit is due. 
Recent months have seen the 
adoption or expansion of Linux 
deployment by several once-pro- 
prietary operating-sys- 
tem vendors, including 
Nokia, PalmSource and 
Wind River Systems. According 
to those companies, the move to 
Linux was made more attractive 
as a direct result of the efforts of 
organizations such as the CE 
Linux Forum (CELF) and Open 
Source Development Labs 
(OSDL), whose specifications 
have simplified deployment of 
Linux or made it more efficient.

ANALYSIS

"[CELF] has been working
for about two years, so now it is
time that those activities start to
produce results," said Ari Jaaksi,
director of open-source software
at Nokia, which recently
released a Linux-based Web
tablet, for the first time expanding
its Linux strategy beyond its
high-end network server products.
"The goal of those activities
is to modify Linux and other
open-source technologies to
be suitable for consumer 
devices. And now is the time. 
Linux and other open-source 
products have come to 
the point that they are 
stable and robust 
enough," he said, noting that 
issues such as boot-up time and 
power consumption have been 
sufficiently addressed. 

"One of our activities has 
been to try to narrow the num- 
ber of choices so we don't go out 
to the grand world of open 
source and find different solu- 
tions to common problems," said 
Scott Smyers, chairman of 
CELF and vice president of the 
network and systems architec- 
ture division of Sony. "[Recently] 
it occurred to me that we finally 
have figured out what we're 
doing, and we're making notable 
progress," he said. 

Wind River's Linux must be
consistent with distributions of
other organizations, says Fanelli.

Among the earliest and most
publicized conversions was
Wind River, which abandoned its
failed BSD strategy in favor of
Linux about three years ago. The 
company now develops its own 
Linux distribution based on 
OSDL's Carrier Grade Specifica- 
tion 2.0, which it targets at 
telecommunications and net- 
working gear. "I'm really pleased 
that we're seeing companies in 
ancillary industries and segments 
follow our lead," said Wind River
president and CEO Ken Klein
of the increased use of Linux in 
handheld devices. "It's not just 
validation of our strategy; it gives 
us hope," added chief marketing 
officer John Bruggeman. 

"It's important that we deliver 
a system that is consistent with 
what is coming out of kernel.org 
as well as affiliated bodies such as 
[OSDL] and CELF," said John 
Fanelli, vice president of product 
management and planning at 
Wind River, speaking of the 
importance of deployment specs. 

HAND OVER LINUX 

While Wind River continues to 
sell its flagship VxWorks RTOS 
in addition to its new Linux- 
based offerings, a perhaps more 
risky strategy is that of Palm- 
Source, which has halted devel- 
opment of the Palm OS kernel 
that has served it for more than a 
decade in favor of Linux. The 
company in May demonstrated 
an alpha version of the Palm 
interface running atop the mLinux
kernel it acquired with China
MobileSoft; an internal beta is 
expected by year's end. General 
release is set for mid-2006. 

According to Michael Mace, 
chief competitive officer at 
PalmSource, Linux-based con- 
sortia such as CELF are helpful 
for more than the specifications 
they generate. "The forum 
reflects the fact that there's inter- 
est in Linux, and joining gets you 
into conversations with people. 
Once we started talking about 
Linux, a lot of doors opened that 
were not open previously." 

OSDL CEO Stuart Cohen,
meanwhile, confirmed that his
organization is considering the 
development of handheld device 
specs. "The mobile phone mar- 
ket is certainly interesting; it's an 
area where there is great oppor- 
tunity for Linux. We are looking 
at [forming] a working group, 
[but] we have not come to any 
conclusions." OSDL will make 
its decision, he said, by the end 
of the year.



FROM BACK SEAT TO DRIVER'S SEAT 



Ken Klein, Wind River Systems 



In June Wind River Systems announced 
that it would develop its own distribution 
of Linux, completing a three-year transi- 
tion during which the company trans- 
formed its position from fierce opponent 
of open source to total immersion and 
commitment to driving its direction. 

Ken Klein, Wind River's chairman, 
president and CEO, and chief architect of 
the turn-around strategy, spoke with SD 
Times about his company's transition to 
Linux and how he plans to drive Linux 
development through participation in 
organizations such as the Eclipse Foun- 
dation, OSDL and the CE Linux Forum 
(CELF). 

SD Times: Wind River has had a long tra- 
dition of offering strictly proprietary 
solutions. Was there resistance to the 
change to Linux internally? 

Ken Klein: We were beaten and bloody 
when I joined the board. And as a result I 
found this organization to be very recep- 
tive to change. They tried a lot of differ- 
ent things that didn't work. So they were 
looking for someone to tell them what to 
do. I found more of that than dissension.

What about resistance among customers?

Early on there was concern as to how
serious we were. But at this point we've 
eliminated any ambiguity. It's clear that 
Wind River is serious about Linux, and 
we've taken an open approach to our Linux-based
platforms; you can see exactly
what's inside. And in terms of the developer
suite, we've not only embraced
Eclipse, but we're driving it through our 
membership and our Device Software 
Development Platform project, which 
makes Eclipse optimized for developing 
device software applications.

The company in February 2004 began
developing a Linux distribution. Now 18 
months later, it's ready. Was it harder 
than you expected? 

I don't know that it was harder or easier; 
it was certainly a challenge. Things that 
are difficult take time, and we took time 
doing it. 

The industry was very much a Wild 
West; people were rolling their own dis- 
tributions and finding that it wasn't so 
easy. They were having problems with 
performance, with driver compatibility 
and building BSPs. We were able to 
leverage our core competencies and 
come out with a set of products that I 
think are world-class. And yes, great 
things take time. But I think our timing 
was quite good because we were able to
leapfrog the industry and go directly to 
kernel 2.6, and I think that's been a big 
advantage. 

An advantage why, because the pre- 
emptable 2.6 kernel is more amenable to 
being embedded? 

Absolutely, yes. Rather than having to put 
2.4 through unnatural acts, we were able 
to take advantage of a more robust kernel. 



Isn't there some irony that Wind River is 
now leveraging the work of competitor 
MontaVista? 

Welcome to the world of open source. 
But one of the things we're not copying 
is their business model. They're still 
challenged with that. Our subscription 
model leverages the best of open source 
and proprietary together; we're not tak- 
ing a religious point of view. 

Our IDE lets customers use both, 
even at the same time if that's required.

Why is Linux an attractive choice for
embedded devices? 

For companies to be able to differentiate 
devices, they have to have differentiat- 
ed software. They can't [develop] a mil- 
lion lines of code in nine months and 
maintain quality and reliability without
changing their approach from building it 
all in-house to buying and innovating on 
top of that. 

Linux represents another choice for 
customers, and technically it's a very 
good fit for specific types of applica- 
tions. 

What types of applications?

Where there's a need for lots of device
support, where there's a lot of constraint 
in terms of memory footprint, the need 
for hard real-time performance, Linux is a 
great fit. 

How will Wind River contribute to Linux 
development?

There are a lot of important technologies
for mobile devices: power management,
fast boot, small footprint. And we have a 
lot of expertise in those areas, both in 
terms of what we're doing with Linux and 
for years with VxWorks. 

So we're in a unique position to help
OSDL and other industry consortia to 
migrate and move Linux to a better place 
to be able to address these kinds of 
devices and their unique requirements.
And we've been very involved in the 
CELF. 

We need to be leading the charge in 
Linux, not just following by driving Linux 
into devices. And specifically, driving the 
right operating environment for the right 
application. 

So our approach wasn't an abandon- 
ment of proprietary, rather it was the 
embrace of standards—allowing customers
to standardize on choice.

-Edward J. Correia 
Complexity, schema incompatibility, large document sizes create problems
for developers who need to untangle it all for business integration



BY JENNIFER DEJONG 




It looked like an easy answer to a 
long-standing problem: how to get 
multiple, disparate systems to talk, 
without having to hand-code each 
connection. But as Extensible 
Markup Language (XML) gains wide use 
as a data integration technology, "easy" is 
no longer the operative word. 

"Complex" is more like it. Unforeseen 
problems — from unnecessarily large 
XML documents, to incompatible schema 
versions, to the sheer volume of docu- 
ments crossing the wire — are surfacing. 

"XML is much more complex than its 
origins," said Charles Goldfarb, the 
inventor of Standard Generalized 
Markup Language (SGML), XML's pre- 
decessor. 

XML backers aren't questioning the 
language's importance, or its future as a 
data integration technology. But they are 
collectively acknowledging — some more 
reluctantly than others — that there are 
some significant kinks to work out. 

What's more, they are beginning to 
talk about what it will take to ensure faster 
transmissions, leaner and meaner XML 
documents, and better management of 
schemas, style sheets and other artifacts 
associated with the documents. 



SCHEMA MADNESS 

Companies tend to standardize on specif- 
ic XML schemas, essentially sets of rules 
that govern the structure, content and 
semantics of an XML document. 

But over time, schemas evolve and 
companies merge, resulting in multiple 
versions of the same schema, said Theo 
Beack, chief SOA architect for Software 
AG, a Darmstadt, Germany-based com- 
pany that sells a server for managing 
XML documents, among other offer- 
ings. That can result in error messages, 
such as: "Document doesn't conform to 
the provided XML schema," he said. 

Some changes, such as adding a trans- 
action date to the schema layout, may 
have no impact. But others, such as omit- 
ting a field, can grind transmission to a 
halt, said Beack. "We think of XML as 
providing loose coupling, but there is still 
some tight coupling that has to occur." 

There is a lot of chaos around the ver- 
sioning of schemas, echoed Bob Picianno, 
vice president of database servers at IBM. 
"People aren't realizing the problems they 
are going to run into." 

Schemas aren't the only obstacle. 
Developers also have to manage the style 
sheets associated with XML documents,
which transform data from one format to
another, enabling the consuming appli- 
cation to "read" the document. And they 
have to apply proper security measures, 
such as encrypting data, managing access 
and digitally signing documents, noted 
Beack. 

BATTLING BIG DOCS 

To a large extent, the XML integrated 
development environments, such as 
XMLSpy, from Beverly, Mass.-based Alto- 
va, and Stylus Studio, from DataDirect 
Technologies, in Bedford, Mass., ease the 
creation of XML documents, automating 
the coding, editing, debugging, transfor- 
mation and validation process. But tools 
are a double-edged sword. 

On the one hand, they automate 
processes that would be painstakingly 
tedious to code by hand. But they also 
shield developers from the size and 
scope of the documents they are creat- 
ing, which can result in unnecessary 
complexity that slows transmission. 

"XML documents are much more 
complicated than the applications they 
are integrating," said Burke Cox, CEO of 
JNetDirect, which makes data integration 
tools based on XML. "You're not just
sending an XML document. Because the
documents get parsed against a schema, 
you're also sending a lot of metadata." 

In one sense, big documents come 
with the territory. Consuming applications 
don't use all of the data in every XML 
document. They pick and choose the 
information they need. This is what XML 
was designed to do, said Cox. "The sup- 
ply-chain application looks at the line 
items [in a purchase order, for example]. 
The finance system looks at the total cost." 

But there are also cases where devel- 
opers simply add unnecessary data 
because the tools make it easy to do so. 
They take a database report, convert it to 
XML and insert the resulting data without 
bothering to clean it up, said Software 
AG's Beack. Then, to compound matters, 
they might also attach video clips, digi- 
tized fingerprints and other large files. "I 
don't know why people create such large 
XML documents, but they do," he said. 

In part, it's just the nature of new tech- 
nologies, said IBM's Picianno, noting that 
people are making with XML the same 
mistakes they made with HTML, when 
the Web was new. "There were pages that 
took forever to load, with too many graphics,
too many links to other documents."

The Trouble With Complexities of XML

Of course, XML tool makers don't see 
their offerings as part of the problem. Nor 
are they willing to characterize the lan- 
guage itself as too complex. "People are 
using XML to do some complex things," 
said Tim Hale, director of marketing for 
Altova. "But I don't think of XML itself as 
being complex." The tools simplify a com- 
plex data integration problem, he said. 
And they generate error-free code, which 
makes documents more efficient. 

The most successful XML documents 
are "leaner and meaner," said Jerry King, 
DataDirect's vice president of XML prod- 
ucts. In part, this is a matter of adopting 
best practices. "You have to think about 
the business purpose of the document and 
structure it accordingly. You don't just 
insert some crazy query someone built 10 
years ago," he said. But concerns about 
overhead aren't unique to XML. They 
arise with any kind of information 
exchange, he said. "Overhead or not, XML 
is going to happen. It fundamentally 
makes possible data exchange," said King. 

BINARY XML? 

Solutions to reduce XML's complexity 
already exist today, though many have yet 
to be widely adopted. One strategy, said 
Beack, is better management of XML
documents and artifacts associated with
them at development time. Companies 
need to formalize processes for applying 
schemas, style sheets and security poli- 
cies, and they need to manage that infor- 
mation in a single repository, he said. 

Also critical is a more efficient way for 
XML documents to pull data from rela- 
tional databases and put it back in once it 



has been processed, said JNetDirect's Cox. 
"It's difficult to return data to its ori- 
gins," he said. "An XML document is a 
disconnected data set, and there's always 
a danger of reinserting stale data." Also 
essential to reducing the overhead associ- 
ated with large XML documents is the 
ability to directly store XML documents 
in relational databases, without having to 



parse or map them, said IBM's Picianno. 
And, said Cox, there's another idea 
emerging: Binary XML. "If you are sure 
your schema won't change, you can build 
a binary transport around the XML docu- 
ment, pulling all the metadata out," he 
said. It seems to run counter to XML's 
flexibility. "But in the next year or so, we 
will see that change start to take place."



Has XML Lost Touch With Its Roots? 



It was meant to be readable by humans 



BY JENNIFER DEJONG 

Unwieldy documents, incompatible 
schemas and slow transmission speeds 
aren't the only troubles with XML. Some 
backers say a more fundamental problem 
has occurred since Extensible Markup 
Language has been adopted as a data 
integration technology. XML was meant 
to be readable by human beings. 

It has lost touch with its roots, 
explained Charles Goldfarb, the inven- 
tor of XML's predecessor, Standard Gen- 
eralized Markup Language. But the 
people who seized on XML as an inte- 
gration tool are oriented toward com- 
puter-to-computer communication. 

"For them, XML is a syntax. If they
can code it accurately, parse it right and
generate it correctly, the problem is 
solved," said Goldfarb, author of "The 
XML Handbook." 

In theory, there is nothing wrong with 
the notion of XML as a syntax. After all, 
the point of data integration technologies 
is to enable computers to handle tasks, 
such as processing a purchase order, so 
human beings don't have to. But human 
readability remains an essential goal for 
XML. 

"When a transaction fails, you have to 
be able to go in and look at the data," said 
Burke Cox, CEO of JNetDirect, a Reston, 
Va.-based company that makes XML-based
data integration tools. "[The language]
loses a lot of strength if you cannot
open an XML document and intuitively 
know its value. The more black box you 
make it, the more opportunity for fatal 
errors." 

The lack of human readability is a 
direct result of complex data generated by 
the tools used to create XML documents, 
Cox said. But without such tools, XML 
cannot succeed as a data integration tech- 
nology. "No one is going to [hand] write 
the SOAP code for one little purchase 
order," he said. "It's really a question of 
balance." 

The tools need to be tempered by the 
notion that XML is ultimately for people, 
added Goldfarb. "It's also an education 
problem. But none of our institutions are 
addressing it."
EDITORIALS

Borland's New Opportunity 

Dale Fuller's resignation as president and CEO of 
Borland offers the embattled firm an opportunity. 
For the past several years, the company has been transi- 
tioning from being a provider of developer productivity 
tools to being a broader supplier of enterprise application 
life-cycle management software. 

This transition hasn't gone as well as the company 
would have liked. 

Borland's financial losses continue to disappoint not 
only the board of directors but Wall Street as well: At the 
time of Fuller's departure, the stock was down nearly 50 
percent from its 52-week high. Clearly, a change in either 
strategy or execution is required. 

Despite the company's recent introduction of a new 
technical strategy, called "software delivery optimization," 
and a set of role-based ALM products, called Core SDP, 
the future of Borland is in doubt. As the interim CEO, 
Scott Arnold, admitted, the company's best-known prod- 
ucts are IDEs, and the market for integrated develop- 
ment environments like JBuilder and Delphi is being 
commoditized. 

While the company says that it's committed to its ALM 
strategy, and reports that big customers are adopting its 
Core product family, it's uncertain if this will be sufficient 
to allow Borland to continue as a viable player in a crowd- 
ed market, especially now that platform giants like IBM 
Rational and Microsoft are investing heavily in offering 
competitive ALM solutions. As tools continue to be per- 
ceived as platform add-ons, it's going to get harder for 
Borland to convince customers not only that its technolo- 
gy is superior, but also that it's advantageous to stick with 
an independent provider. 

Another option remains attractive: acquisition by a 
platform provider, or by a larger firm that's not dependent 
solely on tools revenue. Borland's been down that road 
before. Just before the tech bubble popped, the company 
announced that it was going to be purchased by Corel. 
That deal fell through, but given Borland's broad technol- 
ogy portfolio, large customer base and low stock price, the 
company looks ripe for the picking. That type of exit strat- 
egy may be Borland's best opportunity. 

Making XML Leaner, Meaner 

Who would have foreseen it? XML initially was con- 
ceived of as a way of adding platform-independent 
contextual metadata to static content. Today, it's being 
used for everything from Web services to enterprise data- 
bases to multimedia delivery. The foundations are creak- 
ing under the complexity of modern schemas and the 
tremendous size of many dynamically generated docu- 
ments and messages. 

Part of the challenge is that it's too easy for developers 
to throw everything — including the kitchen sink — into an 
XML document. But bigger files mean slower perfor- 
mance, and as XML documents proliferate and multiply, 
the drag caused by excess metadata bloat could increase 
exponentially. 

The solution: Scheme before you schema. Just because 
you can put everything into an XML document doesn't 
mean you should put everything in there. The bandwidth, 
and CPU utilization, you save might be your own.



Surviving the Maginot Mindset 



Without software, life as we 
know it would grind to a 
halt. There would be no Web, 
no e-commerce, and no way to 
manage today's incredibly 
complex business and manu- 
facturing environments. 

In biological terms, software 
has become a cornerstone 
species: Everything else bene- 
fits from it; everything else 
depends on it. 

As a software designer for 
more than 25 years, I find the 
growing importance of software 
immensely gratifying. I also 
find it an awesome responsi- 
bility — a responsibility that the 
development community is fail- 
ing to embrace. 

The fact is, software is like a 
teenager on the cusp of adult- 
hood: It's grown immensely in 
the past few years, but we are 
just beginning to glimpse its 
true potential. And, to achieve 
that potential, it must clean up 
its act. 

In practical terms, software 
developers and managers must 
ramp up their efforts to ensure 
the products they unleash 
upon the world aren't compro- 
mised by poor design, bad 
code or malevolent hackers. 
Developers must assume that,
in today's increasingly complex
and highly connected environ- 
ments, the unexpected will 
occur. 

From day one, they must 
embed the appropriate safe- 
guards into their applica- 
tions. The world, 
with its profound 
reliance on soft- 
ware, will demand 
no less. 



THINK LOG FENCE 

The situation to- 
day is reminiscent 
of the 1930s, when 
France completed 
a masterpiece of 
military engineering called 
the Maginot Line. Bristling 
with more than 50 forts, it 
provided the country's eastern 
frontier with a virtually im- 
pregnable line of defense 
until, one day, when the Ger- 
man army simply walked 
around it. 

Sadly, when it comes to 
software reliability and securi- 
ty, the "Maginot mindset" 
reigns supreme. 

Applications, even operating 
systems, are still being designed 
with the tacit — and erro- 
neous — assumption that bugs 




and malware won't get past the 
verification efforts, authenti- 
cation protocols and other 
protective measures that con- 
stitute software's Maginot Line. 
(Though, admittedly, even 
these measures are often em- 
ployed halfheartedly, 
if at all. Think log 
fences rather than 
stone fortresses.) 

The reality on the 
ground is very differ- 
ent. Hard-to-detect 
programming errors 
make their way past 
test and verification 
teams and into final 
products — as anyone 
who has experienced the Blue 
Screen of Death will attest. 

Viruses and hackers, mean- 
while, can infiltrate a net- 
worked system, using tactics 
that the system's designers 
didn't, or perhaps couldn't, 
anticipate. As systems every- 
where become more software- 
intensive and more connected, 
the potential for such vulnera- 
bilities will only increase. 

And not just on desktops 
and servers, but in billions of 
embedded devices as well. 

What's at stake here isn't 
simply the protection of appli- 



Letters to the Editor 



'GUARANTEED' SOFTWARE 

In the July 1 Guest View col- 
umn [page 36], two embedded 
Linux promoters reveal "Eight 
Harsh Truths About Embedded 
Software Risks." I take excep- 
tion to their first two "truths," 
namely that there is "no bug- 
free software" and there are "no 
guarantees of quality." 

Every modern commercial 
aircraft is flown entirely by soft- 
ware. The pilot's "controls" are 
merely computer input devices. 
Despite total dependence on 
software reliability, no commer- 
cial plane crash has ever been 
caused by a software failure. 
That is "bug-free software."

The authors imply that to 
produce software that is prov- 
ably correct, it is necessary "to 
reduce functionality to an unus- 
able minimum." The software 
that controls the flight-critical 
systems in a modern aircraft 
(engine, control surfaces, dis- 
plays, navigation, traffic colli- 
sion avoidance systems, etc.) 



requires millions of lines of 
source code. This functionality 
is not "an unusable minimum." 

The authors claim that none 
of the methods proposed for and 
promoted as making software 
more reliable have been scientif- 
ically validated. They are appar- 
ently unfamiliar with the 
RTCA/DO-178B Level A soft- 
ware design, development, doc- 
umentation and testing standard. 
All software whose failure could 
cause a catastrophic failure of an 
aircraft must be certified to DO- 
178B Level A before the FAA 
will allow the plane to fly. This is 
a "guarantee of quality." 

Developers who write mil- 
lions of lines of software in 
which not even one failure can 
be tolerated can't use embedded 
Linux, Eclipse and GNU, 
because these tools don't meet 
the safety assurance require- 
ments of DO-178B Level A. 
These days, software for new 
aircraft, such as the Boeing 787, 
Airbus A380 and Lockheed
Martin F-35 joint strike fighter,
is developed with our MULTI 
integrated development envi- 
ronment and INTEGRITY- 
178B real-time operating sys- 
tem. We are the first and only 
independent software supplier 
to have developed and certified 
an operating system to DO- 
178B Level A with in-house 
experts. 

The first of "The Eight Harsh 
Truths About Embedded Soft- 
ware Risks" should be that there 
are a multitude of experienced 
embedded Linux/Eclipse/GNU 
developers in India, China and 
Russia who are willing to work 
for one-fifth as much as an 
embedded developer in the 
United States. 

U.S.-based embedded developers
must be able to do something
critical for their employers
that no embedded Linux/ 
Eclipse/GNU developer can do: 
produce high-profit-margin,
bug-free products and get them 
to market long before offshore 
cations or data. Rather, the very
ability of software to usher in 
the next wave of innovation 
hangs in the balance. 

Take the automotive indus- 
try, for instance. A new gener- 
ation of in-car telematics and 
infotainment devices is hitting 
the streets, offering everything 
from CD ripping to 9-1-1 
emergency dialing to real-time 
traffic updates. 

To succeed, such devices 
must connect to the outside 
world, whether to download 
updated Bluetooth stacks or 
to access new multimedia 
codecs. 

Moreover, consumers will 
expect these systems to inter- 
act with a variety of other per- 
sonal devices, including MP3 
players, USB storage keys and 
digital media cards. 

The question is, how can 
critical software components in 
such an environment be updat- 
ed safely? And how can the 
existing behavior of the telem- 
atics device be guaranteed, 
even when it downloads soft- 
ware or data from a potentially 
untrusted source? 

Similar challenges are being 
posed by Web services. 

On the one hand, they hold 
immense potential for simplify- 
ing the task of monitoring, 
configuring and provisioning 
remote devices, from industrial 
controllers to telematics sys- 
tems to HVAC control units. 

At the same time, this con- 
nectivity opens the possibility 
that such devices will be infil- 
trated by potentially malevo- 
lent parties or applications. 

HELP'S ON THE WAY 

Fortunately, solutions are at 
hand. There are approaches 
to persistent storage, for 
instance, that can place "bub- 
bles" around files and memory, 
thereby preventing unautho- 
rized access by rogue pro- 
cesses. Likewise, there are 
approaches to partitioned 
scheduling that can prevent 
poorly written or malicious 
code from starving critical 
tasks of CPU time. Using such 
approaches, a device can con- 
tinue to behave correctly, even 
if it has downloaded code that 
is trying to launch a denial-of- 
service attack. 
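
The starvation argument above, as an added simulation that is not from the article or from any vendor's scheduler: the same never-yielding downloaded task is run under a plain strict-priority scheduler and under fixed per-partition CPU budgets. The task names, priorities, window length and budgets are constructed, and the model assumes hard budgets with no borrowing of idle time.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Task:
    name: str
    partition: str
    priority: int  # larger value is scheduled first
    demand: int    # CPU ticks the task wants in every window


def simulate(tasks, window, windows, budgets=None):
    """Return {task name: ticks received} after `windows` scheduling windows.

    budgets=None models a plain strict-priority scheduler. Otherwise budgets
    maps partition -> ticks per window, and a partition that has spent its
    budget is not scheduled again until the next window starts.
    """
    received = {t.name: 0 for t in tasks}
    for _ in range(windows):
        wanted = {t.name: t.demand for t in tasks}
        left = dict(budgets) if budgets is not None else None
        for _ in range(window):
            ready = [
                t for t in tasks
                if wanted[t.name] > 0
                and (left is None or left.get(t.partition, 0) > 0)
            ]
            if not ready:
                continue  # idle tick: nothing runnable inside its budget
            chosen = max(ready, key=lambda t: t.priority)
            wanted[chosen.name] -= 1
            received[chosen.name] += 1
            if left is not None:
                left[chosen.partition] -= 1
    return received


def starved(tasks, received, windows, trusted):
    """Names of tasks in trusted partitions that got less CPU than they asked for."""
    return sorted(
        t.name for t in tasks
        if t.partition in trusted and received[t.name] < t.demand * windows
    )


# Constructed workload: 10-tick windows and one downloaded component that
# never yields and (by assumption) runs above the critical task's priority.
WINDOW = 10
TASKS = [
    Task("emergency_dial", "critical", priority=10, demand=4),
    Task("display", "hmi", priority=5, demand=2),
    Task("downloaded_codec", "untrusted", priority=20, demand=WINDOW),
]
BUDGETS = {"critical": 5, "hmi": 2, "untrusted": 3}  # sums to one window
TRUSTED = {"critical", "hmi"}

if __name__ == "__main__":
    flat = simulate(TASKS, WINDOW, windows=5)
    part = simulate(TASKS, WINDOW, windows=5, budgets=BUDGETS)
    print("priority only:", flat, "starved:", starved(TASKS, flat, 5, TRUSTED))
    print("partitioned:  ", part, "starved:", starved(TASKS, part, 5, TRUSTED))
```

With budgets in place the untrusted partition is capped at its 3 ticks per window regardless of its priority, so the trusted tasks receive their full demand.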

And let's not forget protect- 
ed-mode computing. It's a crit- 
ical first step to ensuring the 
reliability of virtually any soft- 
ware-rich device. 

Yet, many device designers 
and application developers, 
especially those in the embed- 
ded space, still fail to embrace 
memory protection, even 
though it can contain faults 
and limit errant processes 
from corrupting the code or 
data of other processes. With 
the proliferation of low-cost, 
MMU-enabled embedded 
processors, such protection is 
becoming increasingly afford- 
able. In fact, developers of 
connected devices must seri- 
ously ask whether they can 
afford not to use it. 

Of course, I don't think for 
one minute that the above 
techniques serve as a substi- 
tute for best development 
practices. Developers must 
also employ every tool and 
methodology at their disposal 
to ensure that their code 
is clean, modular, efficient, 
thoroughly tested and well 
protected. 

The problem is that no one 
has developed a method to cre- 
ate code that is 100 percent 
bug-free. And no test suite can 
possibly exhaust every scenario 
that a complex software system 
may encounter, partially be- 
cause the number of potential 
scenarios can, in such systems, 
be almost limitless. 

Thus, despite all reasonable 
precautions, faulty code or 
disgruntled hackers can find 
their way into our systems. 

Rather than pretend this 
won't happen, I suggest that 
we, as software developers, 
designers, and managers, 
adopt a "mission critical" 
mindset and build our systems 
to contain — and intelligently 
recover from — such problems. 
Never assume the Maginot 
fortifications will hold. In 
short, we must adopt a split 
personality. First, do every- 
thing possible to ensure prob- 
lems won't occur. Then, 
assume they will occur anyway, 
and take appropriate mea- 
sures. As a cornerstone 
species, software is too impor- 
tant to be created any other 
way. 

SPOTLIGHT ON SOFTWARE 

Until recently, advancements 
in computing have been riding 
on the back of hardware and 
chip design. But as Moore's 
Law slowly loses steam, soft- 
ware is moving to center 
stage. 

From here on, it is software 
that will drive innovation — 
provided it's designed with 
the rigor, forethought and 
safeguards commensurate 
with its burgeoning impor- 
tance. 

Goodbye, bloatware. Good- 
bye, Blue Screen of Death. 
Hello, best practices and self- 
healing systems. 

Dan Dodge is CEO of 
embedded developer QNX 
Software Systems, which 
makes the Neutrino real-time 
operating system. 



embedded Linux/Eclipse/GNU 
developers flood the market with 
low-cost, bug-ridden knockoffs. 

Embedded Linux vendors 
pour out propaganda that assures 
everyone that bug-free software 
with guaranteed quality is not 
possible to protect their profits. If 
people ever found out that every 
software system could be reliable, 
they would demand reliability, 
even from systems upon which no 
lives depend. And then the 
embedded Linux vendors would 
be out of business. 

Dan O'Dowd 

Founder and CEO 

Green Hills Software 

CORRECTION 

The US$495 edition of Texas 
Instruments' Code Composer 
Studio Platinum targets the 
company's C2000-series chips. 
A July 15 article misstated the 
supported targets. 

Letters to SD Times should include the 
writer's name, company affiliation and 
contact information. Letters become the 
property of BZ Media and may be edited. 
Send to feedback@bzmedia.com. 



DATA WATCH 

How Many IT Workers Are 
Dissatisfied With Their Salary? 



Spending long hours solving complex 
problems is nothing new to IT workers. 
But one study shows that this group 
is becoming increasingly dissatisfied 
with their compensation. 

Nearly 4 out of 10 IT workers are 
unhappy with their pay, according to 
the Enterprise Systems Salary Survey 
2004, a study of 1,130 U.S.-based enter- 
prise IT sites published by Enterprise 
Systems, an online publication for the 
mainframe and server markets. IT 
workers are defined in the study as 
application programmers, system and 
programmer analysts, and system, 
network and database administrators. 

Almost as many IT managers are dissatisfied, 
the study showed. Slightly more than one-third 
of this group—which includes development managers 
as well as those in other IT departments such as 
data center operations and help desk, CIOs, IS 
directors and vice presidents—believe that they 
should be earning higher pay. 

What's more, for IT workers in general, salary 
satisfaction on the whole decreased from 63 percent 
in a 2001 survey to 58 percent in 2004. 






Source: Enterprise Systems 
www.esj.com 
The True Way of Programming 



What do predicate dispatch, 
PROLOG and Cω chords have in 
common? While "I haven't used any of 
them" is probably a common answer, a 
better one is that each turns hard prob- 
lems into surprisingly tractable tasks by 
similar mechanisms: a series of declarative 
assertions, all of which need to be true 
before program flow continues on. 

With unit-testing, progress becomes 
dependent on "binary quality gates" — 
breaking the test suite, even when 
adding new functionality, does not count 
as progress. This attitude has broad 
effects on one's approach: Designs 
change, time estimates change, code 
confidence changes. Since a test suite is 
essentially a huge number of assertions 
about the state of the program at various 
junctures, testing becomes a function of 
the quantity and quality of these blocks 
of assertions. 

In Cω's "chords," normal methods can 
be specified to block unless or until some 
set of async methods has been called. 
The asynchronous messages carry state; 
the "chords" (the set of method signatures 
and a body) effectively synchronize multi- 
ple threads. The syntax is quite straight- 
forward, and suddenly this huge problem 
area becomes much more tractable. Like 
blocks of assertions in unit-testing, a 
chord signature uses easy-to-read state- 
ments to reassure the programmer that 
"it must be the case that the state of the 
system is such and such...." 

Transferring program flow to a 
method is called "dispatching," and 
Cω's chord facility is a refinement of 
"object-oriented single dispatch," the 
facility by which methods can have the 
same name but are distinguished by 
the types of the argu- 
ments (including the hid- 
den this argument that 
contains the containing 
object). 

"Predicate dispatch" is 
a more general refine- 
ment of the idea intro- 
duced in the late 1990s by 
Michael Ernst, Craig 
Kaplan and Craig Cham- 
bers: Instead of dispatch- 
ing based on a single 
strategy of matching argument types or 
patterns, generalize the strategy so that 
dispatch can be based on evaluating any 
type of Boolean predicates. So object- 
oriented dispatch can be seen as a 
bunch of predicates, "argument X is 
type Y," while chords combine that with 
"method Z has been called." This makes 
hard problems more tractable because 
of a strategy of introducing a set of 
declarative assertions. 
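
A small predicate dispatcher showing the idea, added here as an illustration and not taken from the column or from Ernst, Kaplan and Chambers' paper: methods are guarded by conjunctions of named predicates, mixing "argument X is type Y" with "method Z has been called". The class and handler names are hypothetical, the "more atoms means more specific" rule is a simplification of full logical implication, and unlike a Cω chord this dispatcher selects a method rather than blocking.

```python
class NoApplicableMethod(LookupError):
    """No registered method's predicates all hold for these arguments."""


class AmbiguousDispatch(LookupError):
    """Several methods apply and none is more specific than all the others."""


class PredicateDispatcher:
    def __init__(self):
        self._predicates = {}  # name -> boolean function of the call arguments
        self._methods = []     # (frozenset of predicate names, implementation)

    def predicate(self, name, test):
        self._predicates[name] = test

    def when(self, *names):
        """Register a method guarded by the conjunction of the named predicates."""
        unknown = [n for n in names if n not in self._predicates]
        if unknown:
            raise KeyError(f"undeclared predicates: {unknown}")

        def register(fn):
            self._methods.append((frozenset(names), fn))
            return fn
        return register

    def __call__(self, *args):
        truth = {}  # evaluate each named predicate at most once per call

        def holds(name):
            if name not in truth:
                truth[name] = bool(self._predicates[name](*args))
            return truth[name]

        applicable = [(g, fn) for g, fn in self._methods if all(holds(n) for n in g)]
        if not applicable:
            raise NoApplicableMethod(args)
        # A guard containing every atom of another guard implies it, so it overrides it.
        best = [(g, fn) for g, fn in applicable
                if all(g >= other for other, _ in applicable)]
        if len(best) != 1:
            raise AmbiguousDispatch(sorted(sorted(g) for g, _ in applicable))
        return best[0][1](*args)


class Session:
    """Records which methods have been called, like the state a chord waits on."""
    def __init__(self):
        self.called = set()

    def login(self):
        self.called.add("login")


handle = PredicateDispatcher()
handle.predicate("msg_is_str", lambda s, msg: isinstance(msg, str))
handle.predicate("msg_is_bytes", lambda s, msg: isinstance(msg, bytes))
handle.predicate("login_called", lambda s, msg: "login" in s.called)


@handle.when("msg_is_str")
def text_before_login(session, msg):
    return "refused: login has not been called"


@handle.when("msg_is_str", "login_called")
def text_after_login(session, msg):
    return "text:" + msg


@handle.when("msg_is_bytes", "login_called")
def binary_after_login(session, msg):
    return f"binary:{len(msg)} bytes"
```

Each handler body can rely on its guard: `text_after_login` never has to re-check the type of `msg` or whether `login` ran, which is the "it must be the case that the state is such and such" reassurance the column describes.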

Which brings us to PROLOG. Ah, 
PROLOG. My one true love. I never 
should have abandoned you: I was 
young and foolish and C seduced me 
with curly brackets and easy access to 
forbidden regions. PROLOG takes the 
idea of using assertions to control pro- 
gram flow to its ultimate level. 

Every PROLOG statement is 
a predicate; the execution 
engine attempts to find a combi- 
nation of data and predicate 
clauses that evaluate as one big 
"true." Input and output occur 
as side effects, and program flow 
will actually back up and try to 
re-execute with variables set to 
their next alternate values. 

In effect, a PROLOG pro- 
gram runs as a depth-first 
search of the problem space. 
Once you get used to the mindset, it 
allows you to solve a large set of prob- 
lems in a remarkably intuitive way. I 
wouldn't say that it's the most intuitive 
way for every type of problem, but in 
combination with the imperative style, 
it works well. 

This need to pair blocks of assertions 
with something else is one of two things 
that camouflage the fundamental power 
of "blocks of assertions." Assertions test 
state, and programs manipulate state. 
This is a can of worms, especially for those 
who still look to fields within objects as 
the best place to store that state. 

One thing that I've noted about unit- 
testing discipline is that it shifts one's 
programming style toward the function- 
al programming model of returning val- 
ues rather than setting state in an 
object, as returned values are easier to 
test than state tucked away in the priva- 
cy of an object. 

The other camouflage is OR. Work- 
ing through alternatives is, of course, 
the primary task of program control, but 
once you begin placing ORs in line with 
your assertion blocks, they lose their 
facility to provide mental clarity. They 
are no longer checkpoints that provide 
certainty, but are now just another point 
to ask, "Exactly what is the state that got 
us here?" 

Assertion blocks and a move away 
from shared-state concurrency are not 
tools per se, nor are they patterns, nor 
are they language-specific. Perhaps 
they are "idioms." But more important 
than their label is their surprising facil- 
ity for making hard problems easier. 
See if they can help with your next 
stumper. 

Larry O'Brien is a technology consultant, 
analyst and writer. Read his blog at 
www.knowing.net. 
Illegal Swapping Networks Go Down 9-0 



As its recent term wound to a close, 
the U.S. Supreme Court issued 
a string of controversial, split decisions. 
One decision, MGM Studios Inc. v. 
Grokster Ltd., however, was neither 
controversial nor split. The justices 
voted 9-0 to penalize trafficking in pirat- 
ed works. The decision is worth thought- 
ful consideration. 

It involved two networks designed to 
share software: Grokster and Stream- 
Cast Networks. Portraying the compa- 
nies as mere providers of peer-to-peer, 
file-swapping networks, defenders 
disingenuously championed the view 
that the companies could not be held 
liable for what their customers did with 
the software. In essence, they argued, 
the two companies were akin to ISPs: 
What travels over their wires and for 
what purposes is not up to them to 
patrol. However, this argument was 
scuttled not by the Supreme Court, but 
by the companies themselves. In fact, 
both of them had promoted the use of 
their networks for illegal distribution of 
copyrighted works. 

The basic operation of the networks, 
per the decision, goes something like 
this: "[T]he user's request goes to a 
computer given an indexing capacity by 
the software and designated a super- 
node [which contains] temporary index- 
es of the files available on the comput- 
ers of users connected to it. The super- 
node (or indexing computer) searches 
its own index and may communicate the 
search request to other supernodes. If 
the file is found, the supernode disclos- 
es its location to the computer request- 
ing it, and the requesting user can 
download the file directly 
from the computer located. 
The copied file is placed in a 
designated sharing folder on 
the requesting user's comput- 
er, where it is available for 
other users to download in 
turn, along with any other file 
in that folder." 

Had the networks stopped 
there, they might have avoid- 
ed the wrath of the court. 
They might even have been 
able to assert the "we can't be held 
responsible for users' actions" defense, 
despite enormous evidence that upward 
of 90 percent of files were illegally 
being exchanged. But, of course, they 
didn't stop there. They made them- 
selves unsympathetic parties by promot- 
ing the software actively for illegal 
exchanges of copyrighted material. This 
is factual and part of the evidence that 
came up at the trial. 

For example, as soon as Napster was 



Integration Watch 




closed down, StreamCast released 
OpenNap, software that did the same 
thing, and then attempted to persuade 
Napster users to resume file-swapping 
on its site. The CTO for OpenNap even 
went on record saying: "[T]he goal is to 
get in trouble with the law and get sued. 
It's the best way to get in the new[s]." 

StreamCast executives, in 
an attempt to get more 
users — the company makes 
money by running ads when 
its free software is in use — 
tried to find ways to place 
more copyrighted material 
on its network. In fact, it even 
pointed users to the "Top 40" 
section, where it knew 
all songs were copyrighted. 
These companies were active 
promoters of illegal activity, 
not passive suppliers of infrastructure. 
For purposes of the effects of the deci- 
sion, this one fact is both good and bad. 
It's good because the decision makes 
that kind of obvious promotion of pira- 
cy completely illegal. It's bad because 
the decision applies only to this aggres- 
sive kind of behavior, and so law- 
abiding infrastructure providers are left 
uncertain of their fate. 

The Supreme Court, however, did 
dispose of one of the common arguments 
used by illegal file swappers: namely, that 
copying and distributing copyrighted 
works was not substantially different 
from recording TV or movies on a VCR. 
Of course, with only a little thought it's 
obvious that this defense doesn't hold 
water: Consumers who copy TV shows 
and then make them easy to obtain for 
free by other parties would indeed be in 
violation of copyright laws. 

The Supreme Court found another 
aspect that closes the door: VCRs are pri- 
marily used for "time displacement," that 
is, for filming shows to be viewed later at 
a more convenient time. The vast major- 
ity of VCR use is intended for consump- 
tion by the same household in which the 
material was recorded. Such is not the 
case with file-swapping networks. 

By a unanimous decision, the Su- 
preme Court made it clear that traffick- 
ing in pirated works will continue to be 
illegal and punishable. The need for this 
reaffirmation is odd from a historical 
perspective. Never in the history of 
humanity has so much information and 
software been available to so many for 
free. Nor have songs ever been cheaper 
for individual purchase. Piracy, then, is 
just purely greed that happens to be 
made easier because of technology. 

The fact that so many feel entitled to 
this form of selfishness in a time of plen- 
ty says a lot about us all. 

Andrew Binstock is the principal analyst 
at Pacific Data Works. 



The Law of Lines 



Whatever checkout line you're in is 
always the slowest, and if you 
move to a new line, the line you were 
just in speeds up and the new line 
slows down. That's the Law of Lines. 

The Conference Corollary of this 
universal law applies to conference ses- 
sions: Whatever session you're in is 
always a dog, but if you session-hop, 
the one you leave turns great and the 
one you go to becomes awful. 

Of course, my information about 
the good sessions comes from newly 
made friends who might be lying in 
order not to admit that they made a 
bad choice. Maybe all the sessions are 
bad. Maybe I just have a low threshold 
for boredom. 

I bring up the Law of Lines because 
I've just come away from this year's 
JavaOne, which provided many exam- 
ples of the Conference Corollary. A 
couple of the sessions I went to were 
great, but most of them were what I've 
come to expect from large conferences: 
boring marketing fluff, technical ses- 
sions that were too short to be useful, 
or technical sessions that presented 
perhaps 10 minutes of useful material 
in a 90-minute format. 

Matters were made worse by the 
build-up to the conference, which led 
me to believe that things would be dif- 
ferent this year. 

I was hoping for lots of education 
and less marketing. After all, most of 
the sessions were billed as tutorials, 
advanced how-tos or instructor-led 
hands-on labs. 

Let's start with the hands-on ses- 
sions. Sun set up a great 
hands-on room, loaded with 
computers and big enough to 
handle a good-sized group. 
"At last," I thought, "they've 
taken the notion of educa- 
tion seriously." 

I was wrong. The room 
sat empty for most of the 
conference because Sun 
scheduled, at most, four 
hours of hands-on per day. 

To make matters worse, with only 
one exception, every hands-on class 
was a NetBeans tutorial of some sort. 
This is like adding insult to injury — I 
really don't understand why Sun insists 
on putting so much effort into Net- 
Beans rather than working collabora- 
tively with the rest of the industry on 
Eclipse. 

Eclipse, unlike NetBeans, is sur- 
rounded by a lively open-source com- 
munity that has made it into a superior 
development platform. 

On the other hand, the NetBeans 
community is a very lonely place occu- 
pied only by Sun and those companies 
over which Sun has some leverage. 
If Sun really wants to promote Java by 
building developer tools, it should be 
building world-class Eclipse 
plug-ins. It's not as if Net- 
Beans is a profit center. 

Returning to the subject 
at hand, there's absolutely 
nothing that Sun can do at 
JavaOne to persuade me (or 
anyone else) that NetBeans is 
a good thing, and wasting so 
much time trying to do just 
that detracts from the confer- 
ence considerably. 
That hands-on room could have 
been packed with happy programmers 
learning how to write real software in 
new ways. 

I would have loved to have taken a 
Hibernate 3 tutorial or learned how to 
build a Tapestry or Spring application. 
A few years ago, I would have loved to 
have had someone guide me step by 
step through the processes of writing 
and deploying a Web app on Tomcat, 
or writing a custom JSP tag. Instead, I 
get NetBeans tutorials. 

For a conference like JavaOne to be 
successful, it needs to be focused on 
education, not persuasion for Sun's 
specific Java agenda. 

It's like when you pay good money 
to see a movie, but then are forced 
to watch 15 minutes of soft-drink 
commercials before the movie starts. I 
didn't pay to watch ads, and I didn't go 
to JavaOne to hear Sun-centric market- 
ing hype disguised as a tutorial. 

The only indicator of the quality of a 
conference is whether or not I came 
away from it knowing how to do some- 
thing I didn't know how to do 
when I went in. I want to learn new 
things — subjects that aren't covered in 
the books. If it is in a book, I want to 
learn it faster, and get hands-on experi- 
ence with it. 

By this measure, this year's JavaOne 
was a failure. Sun did have a few 
let's-make-JavaOne-interesting brain- 
storming sessions, but I'm cynical 
about these amounting to anything as 
long as the marketing people are in 
charge. 

Let's hope for the best. 

Allen Holub is an architect, consultant 
and instructor in C/C++, Java and OO 
Design. Reach him at www.holub.com. 
Making the Agile Move 

I've seen a whole lot of ideas floated out 
into our space over the past five years. 
Some seemed reasonable, while others 
caused me to arch a dubious brow. 

One concept, though, has resonated 
with me from the moment I heard about 
it. Perhaps it's due to my background as 
a newspaperman, used to facing daily 
deadlines to produce a newspaper with 
little margin for error. Used to 
being held accountable for 
my work on a daily basis. 
Used to sitting in on public 
sessions with the newspaper 
ombudsman to ensure the 
paper we published was what 
the readers wanted. 

The idea I'm speaking about 
is iterative development, aka 
agile development. I first heard 
Martin Fowler talk about light- 
weight development approaches and 
Extreme Programming five years ago at 
UMLWorld 2000 in New York City. I 
understood right away, and left wondering 
why this isn't the norm for software devel- 
opment — using pairs of developers to help 
advance a project (under the Extreme 
Programming methodology), creating and 
doing tests even as code is being written, 
and engaging the customer or end user in 
ongoing discussions to ensure the project 
is meeting requirements. 

The original creators of the "Agile 
Manifesto" back in 2001 were talking 
squarely to developers and their man- 
agers: here's how you and your team could 
work more efficiently. And the princi- 
ples — among them, "The most efficient 
and effective method of conveying infor- 
mation to and within a development team 
is face-to-face conversation" — worked for 
teams up to about 150 developers, testers 
and requirements gatherers. 

After infiltrating small teams and then 
growing inside organizations, iterative 
development techniques and tools need 
to get ready for prime time. The enter- 
prise is calling and wants to know how to 
apply the method across multithousand- 
person environments. The problem is, 
how do you scale agile development 
processes for organizations that need 
multiple teams, located at different sites, 
to work as collaboratively as these 
methodologies call for? 

Two companies that sell 
software for managing pro- 
jects developed using agile 
processes have just released 
product updates that address 
this very issue. 

With Rally Release 5, Rally 
Software has released a Web 
services API for integrating 
the tool with customer rela- 
tionship management systems 
and with automated test tools, 
and now offers new reporting tools and 
communications capabilities for larger, 
disparate development organizations. 

Meanwhile, VersionOne Release 6, in 
beta now in advance of general release 
in September, also is being built on a 
new API for integration with existing 
life-cycle tools, but that API won't be 
made available to target in this release. 
It allows users to plan, track and report 
on work in a browser-based environ- 
ment accessible by everyone involved in 
the development life cycle. 

According to Robert Holler, CEO of 
VersionOne, there are three keys to 
adapting agile management tools for 
large, distributed development teams. 
First is to get everything about the pro- 
ject — requirements and issues lists, as 
well as estimation, prioritization and 
tracking tools — into one place. "You can't 
use five tools for this anymore" and have 
it scale for distributed teams, Holler said. 
Once everything is gathered into a 
single location, the next job is to priori- 
tize the work and then parse it out to the 
team. Finally, you have to have the abil- 
ity to roll up projects flexibly, in an ad 
hoc manner, because as Holler pointed 
out, three distinct projects could all be 
part of version 7 of a product release. 
"Projects are dependent upon other pro- 
jects in an organization," he noted. 

Large organizations wishing to move 
to iterative development typically do so 
in phases, testing it in one project area to 
learn what's different from the phased 
development they are used to. "No 
longer are projects measured in tasks 
per hour; it's more in terms of what's my 
velocity and burn-down," Holler said. 

Holler said that as organizations 
take on their first iterative projects, 
they often do not like the results they 
see. But the important point, he said, is 
that they see the results. So much 
development today is done with little 
visibility beyond the developer, he 
asserted. "This information is in the 
face of the management team every 
day," he said. "If there's a developer 
who's not making progress on the work, 
the manager can see that every day. It 
forces him to deal with these issues 
earlier on," and think about changes 
that need to be made, either to person- 
nel or practices. 

One area in which enterprise-ready 
iterative development really can make 
an impact is offshoring. "Once agile is 
institutionalized in the mainstream 
[development] community, it will be 
forced upon the offshore community," 
Holler said. "I wouldn't spend $10 mil- 
lion on an offshore project unless I can 
see something next month, not 18 
months down the path." 

Fowler said, "Doing things the same 
way over and over again and expecting 
the results to change is the definition of 
insanity." But for those companies mired 
in their own failing processes, doing 
things the same way over and over again 
without an expectation of improvement 
is even crazier. 

David Rubinstein is editor of SD Times. 
Chip maker Advanced Micro Devices has filed an antitrust lawsuit against market 
leader Intel in which it alleges Intel sets its compilers to degrade the performance 
of applications running on AMD chips. According to the lawsuit, filed late last month 
in U.S. District Court in Delaware: "To achieve this, Intel designed the compiler to 
compile code along several alternate code paths. Some paths are executed when 
the program runs on an Intel platform and others are executed when the program 
is operated on a computer with an AMD microprocessor.... If the program detects a 
'Genuine Intel' microprocessor, it executes a fully optimized code path and oper- 
ates with the maximum efficiency. However, if the program detects an 'Authentic 
AMD' microprocessor, it executes a different code path that will degrade the pro- 
gram's performance or cause it to crash." Intel spokesman Chuck Molloy respond- 
ed by saying, "We think the overall complaint is simply wrong and that the allega- 
tions don't stand up." Molloy said Intel would not comment on the specifics of the 
complaint, but that the company would file a response to the suit by Sept. 6. Mean- 
while, AMD last month reported earnings of US$11.3 million, or 3 cents per share, for 
the second quarter ended June 26. That was a decline from the $32 million, or 9 
cents per share, posted in the year-earlier period. Revenue was $1.26 billion, flat 
from the same quarter a year ago. The company posted a record $767 million in 
sales in its PC chips business . . . Hewlett-Packard CEO Mark Hurd announced last 
month that 14,500 people—10 percent of the company's workforce—will lose 
their jobs over the next six quarters. Hurd's decision will bring pink slips primarily 
to HP employees in the company's support sectors, such as human resources and 
finances, but the CEO also said that other sectors of the company would be affect- 
ed to a lesser extent . . . IBM in late June announced the Securities and Exchange 
Commission has requested its compliance with an informal investigation into the 
company's reporting of first-quarter earnings and expensing of equity compensa- 
tion. The company stressed the investigation is not an indication that any laws have 
been violated. IBM also announced it has agreed to resolve antitrust issues with 
Microsoft. IBM, which was found to have been negatively impacted by Microsoft's 
business practices in the landmark U.S. v. Microsoft antitrust case, will receive 
US$775 million from Microsoft and get credit worth $75 million toward deployment 
of Microsoft software at IBM . . . App security assessment provider Cenzic has 
closed US$15 million in funding, with Advanced Technology Ventures leading the 
Series C round . . . Open-source development and deployment platform provider 
ActiveGrid has closed a second round of venture funding worth US$10 million, led 
by Worldview Technology Partners. ActiveGrid is built upon the LAMP stack. 